CNNVD-202510-3547 Information

CNNVD ID

CNNVD-202510-3547

CVE-2025-34292

  • CNNVD Published: 2025-10-27

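Description (Chinese, translated)

BeWelcome is an open-source travel-sharing site from BeWelcome. BeWelcome contains a security vulnerability that stems from improper handling of deserialization of the POST parameter formkit_memory_recovery and the memory cookie bwRemember, which may lead to a PHP object injection attack.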

Description (English)

BeWelcome is an open-source travel-sharing site developed by BeWelcome. BeWelcome has a security vulnerability caused by improper deserialization of the POST parameter formkit_memory_recovery and the memory cookie bwRemember, which may lead to PHP object injection.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

BeWelcome

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/rox-php-object-injection-rce
  • https://gist.github.com/mcdruid/c0f7c42b28949c7d86cf77d0c674f398
  • https://github.com/BeWelcome/rox/commit/c60bf04
  • https://access.redhat.com/security/cve/cve-2025-34292
