Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
- https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs
- https://github.com/SinGooCMS/SinGooCMSUtility/issues/1
- https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979
No PoCs found on GitHub currently.