[CVE-2022-3861] Betheme <= 26.5.1.4 - Authenticated (Contributor+) PHP Object Injection

Read Time:24 Second

Posted by Julien Ahrens (RCE Security) on Nov 20

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Betheme
Vendor URL: https://muffingroup.com/betheme/
Type: Deserialization of Untrusted Data [CWE-502]
Date found: 2022-11-02
Date published: 2022-11-18
CVSSv3 Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE: CVE-2022-3861

2. CREDITS
==========
This vulnerability was discovered and…

DSA-5835-1 webkit2gtk – security update

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54479 Seunghyun Lee discovered that processing maliciously crafted web...

December 25, 2024

openjpeg2-2.5.3-1.fc40

FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More

December 24, 2024

libxml2-2.12.9-1.fc40

FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More

December 24, 2024

libxml2-2.12.9-1.fc41

FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More

December 24, 2024

iwd-3.3-1.fc40 libell-0.71-1.fc40

FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...

December 24, 2024

iwd-3.3-1.fc41 libell-0.71-1.fc41

FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...

December 24, 2024

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

Major Biometric Data Farming Operation Uncovered

Ransomware Attack Exposes Data of 5.6 Million Ascension Patients

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

Criminal Complaint against LockBit Ransomware Writer

Cryptomining Malware Found in Popular Open Source Packages

[CVE-2022-3861] Betheme <= 26.5.1.4 – Authenticated (Contributor+) PHP Object Injection

DSA-5835-1 webkit2gtk – security update

openjpeg2-2.5.3-1.fc40

libxml2-2.12.9-1.fc40

libxml2-2.12.9-1.fc41

iwd-3.3-1.fc40 libell-0.71-1.fc40

iwd-3.3-1.fc41 libell-0.71-1.fc41