Vulnerability in Bomgar Remote Support Portal – PHP Object Injection

4 Apr, 2015


A Bomgar-specific Vulnerability Report was issued by CERT on May 5, 2015, under CVE-2015-0935. Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation. An unauthenticated attacker can inject arbitrary input into at least one vulnerable PHP file, and authenticated attackers can inject arbitrary input into multiple vulnerable PHP files. […]
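One way to give serialized input the validation the report describes as missing, shown as an added example that is not Bomgar's code or its fix. The function names, the constant and the key are hypothetical, and the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
declare(strict_types=1);
// Assumption: a server-side secret; this constructed value is for the demo only.
const STATE_KEY = 'constructed-demo-key';

// Serialize server-side state and bind it to an HMAC so a client cannot alter it.
function pack_state(array $state): string
{
    $body = base64_encode(serialize($state));
    return $body . '.' . hash_hmac('sha256', $body, STATE_KEY);
}

// True if any object (or incomplete-class placeholder) appears anywhere in $value.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Return the state array, or null if the blob is forged, malformed or carries objects.
function unpack_state(string $blob): ?array
{
    $parts = explode('.', $blob, 2);
    if (count($parts) !== 2) {
        return null;
    }
    // 1. Authenticate first, so unserialize() only parses bytes this server produced.
    if (!hash_equals(hash_hmac('sha256', $parts[0], STATE_KEY), $parts[1])) {
        return null;
    }
    $raw = base64_decode($parts[0], true);
    // 2. PHP 7.0+: instantiate no classes, so no magic methods run while parsing.
    $value = $raw === false ? false : @unserialize($raw, ['allowed_classes' => false]);
    // 3. Accept only the expected shape: an array with no objects inside it.
    return is_array($value) && !contains_object($value) ? $value : null;
}

// Constructed inputs: a round trip, then the same blob with one byte of the body changed.
$blob = pack_state(['lang' => 'en', 'page' => 3]);
var_dump(unpack_state($blob), unpack_state('A' . substr($blob, 1)));
```

Where the state is plain data, `json_encode`/`json_decode` avoids PHP's object-capable serialization format entirely; the HMAC check still applies.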
