Posted by Scott Arciszewski on Aug 27

In the near future on an IRC server near you:

CVE-2015-5687 (PHP Object Injection in AnchorCMS)
=================================================

Out of the box, AnchorCMS defaults to store all session state in a
cookie (contrast this with only storing a unique identifier in a
cookie which references a server-side storage mechanism, such as a
temporary file or a database row).

Aside: If you have paid attention to my past work with Laravel,…