P

POI

POI stands for PHP Object Injection.

The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function. Since PHP allows object serialization, attackers could pass ad-hoc serialized strings to a vulnerable unserialize() call, resulting in an arbitrary PHP object injection into the application scope.
POI
0 votes, 0.00 avg. rating (0% score)