{
  "schema_version": "1.4.0",
  "id": "GHSA-qmqm-hvm5-wx4p",
  "modified": "2022-05-24T17:03:15Z",
  "published": "2022-05-24T17:03:15Z",
  "aliases": [
    "CVE-2019-19373"
  ],
  "details": "An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19373"
    },
    {
      "type": "WEB",
      "url": "https://matrix.squiz.net/releases/5.5/5.5.3.3"
    },
    {
      "type": "WEB",
      "url": "https://zxsecurity.co.nz/wp-content/uploads/2019/12/ZX%20Security%20Advisory%20-%20Squiz%20Matrix%20CMS%20-%20Multiple%20Vulnerabilities.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155671/Squiz-Matrix-CMS-5.5.x.x-Code-Execution-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Dec/34"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-11T20:15:00Z"
  }
}