Full title: CodeIgniter / Kohana PHP Object Injection / Timing Attack 
Category: web applications
Platform: php
CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability.

# 0day.today @ http://0day.today/