CVE-2022-47083

A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt