Posted by Scott Arciszewski on Aug 27
In the near future on an IRC server near you:
CVE-2015-5687 (PHP Object Injection in AnchorCMS)
=================================================
Out of the box, AnchorCMS defaults to store all session state in a
cookie (contrast this with only storing a unique identifier in a
cookie which references a server-side storage mechanism, such as a
temporary file or a database row).
Aside: If you have paid attention to my past work with Laravel,…