Slim Framework – (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities

Posted by Scott Arciszewski on Mar 02

Product: Slim PHP Framework
Website: http://www.slimframework.com/
Affected versions: 2.5.0 and lower
Fixed in: 2.6.0 (released 2015-03-01)
CVSS Score: I don’t care. Does anybody really?

“””
Slim has super-secure cryptography using military-grade encryption. Slim
uses your unique key to encrypt session and cookie data before persisting
data to disk.
“””

Wow, sounds great. Let’s look under the hood….

Leave a Reply