Security,Technologies

Vulnerability in Bomgar Remote Support Portal – PHP Object Injection

4 Apr , 2015  

PHP_Logo

A Bomgar-specific Vulnerability Report has been issued May 5, 2015, by CERT under CVE-2015-0935. Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation. An unauthenticated attacker can inject arbitrary input to at least one vulnerable PHP file, and authenticated attackers can inject arbitrary input to multiple vulnerable PHP files. […]

, , ,