CVE-2016-9045

Summary

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
ProcessMakerProcessMaker EnterpriseProcessMaker Enterprise Core 3.0.1.7-communityaffected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References