Homepage
About Snyk

Arbitrary Code Injection Affecting slim/slim package, versions <2.6.0

0.0
high

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.61% (79th percentile)
Expand this section
NVD
7.3 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-SLIMSLIM-72121
  • published 16 Apr 2018
  • disclosed 30 Mar 2015
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 30 Mar 2015

CVE-2015-2171 Open this link in a new tab
CWE-94 Open this link in a new tab

How to fix?

Upgrade slim/slim to version 2.6.0 or higher.

Overview

slim/slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.

Affected versions of this package are vulnerable to Arbitrary Code Injection in the Middleware/SessionCookie.php class. It allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.

References