{"id":"CVE-2016-9835","details":"Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.","modified":"2026-04-10T03:55:58.312105Z","published":"2016-12-05T08:59:02.673Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95005"},{"type":"FIX","url":"https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"},{"type":"FIX","url":"https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"},{"type":"FIX","url":"https://github.com/zikula/core/issues/3237"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zikula/core","events":[{"introduced":"0"},{"last_affected":"71034818069ac474668538de6b02d516458813d0"},{"introduced":"0"},{"last_affected":"57aa336374bedbdc7f82a9c2b2d1933c4dc90769"},{"introduced":"0"},{"last_affected":"05eaf78deea3fa49f88a28ff7f8d4662fac6c728"},{"introduced":"0"},{"last_affected":"a8b764256637879e97d3e6491d4cd2921a5e643e"},{"introduced":"0"},{"last_affected":"1d1c9edafd7a9ff9b4550f78f90ca7238dfc597b"},{"introduced":"0"},{"last_affected":"311d9a3e6be58332752e06a5c881af6f1fb59b20"},{"introduced":"0"},{"last_affected":"c9ccfc3c27199d078e3a5a31508d6b922c12ff01"},{"introduced":"0"},{"last_affected":"92920875cb51ef9199b01a3b8d5761a2e213b4bb"},{"introduced":"0"},{"last_affected":"1d876b47fda381d3f8b4b47673fe8de8d73af85f"},{"introduced":"0"},{"last_affected":"66a451de40f24839e23680972b87625ed2242d38"},{"introduced":"0"},{"last_affected":"adefbf466fa2c3508ec2d48350b0e2816f41278d"},{"introduced":"0"},{"last_affected":"adefbf466fa2c3508ec2d48350b0e2816f41278d"},{"introduced":"0"},{"last_affected":"b2e27c5762548db3444389aff2ede23b53b269fa"},{"introduced":"0"},{"last_affected":"c9716ac7e115d7996d33221b3fc13fa6526ea1de"},{"introduced":"0"},{"last_affected":"0a006d32e5ea1b3d6670e5297ef077be85481dbc"},{"introduced":"0"},{"last_affected":"4e3329e7d896d0b70c4b9838f3532367370f8ff1"},{"introduced":"0"},{"last_affected":"4075a2731804264514be259fd6533bde5c99756a"},{"introduced":"0"},{"last_affected":"b2e27c5762548db3444389aff2ede23b53b269fa"},{"introduced":"0"},{"last_affected":"ec241ff9a3c38fc85e13c9ea43194b0ee00a6d0d"},{"introduced":"0"},{"last_affected":"38f9fb91ef36e31a3faffbd15a80c8398c328f2a"},{"introduced":"0"},{"last_affected":"7eaa6d67b25d68ebc6cbe504808a4f96738f4645"},{"introduced":"0"},{"last_affected":"f4564b665452e62965d38d114633269e72b31cec"},{"introduced":"0"},{"last_affected":"8450dbda94ce0714988504e6945a3d008ca2ef53"},{"introduced":"0"},{"last_affected":"7eaa6d67b25d68ebc6cbe504808a4f96738f4645"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0"},{"introduced":"0"},{"last_affected":"1.3.1"},{"introduced":"0"},{"last_affected":"1.3.2"},{"introduced":"0"},{"last_affected":"1.3.3"},{"introduced":"0"},{"last_affected":"1.3.4"},{"introduced":"0"},{"last_affected":"1.3.5"},{"introduced":"0"},{"last_affected":"1.3.6"},{"introduced":"0"},{"last_affected":"1.3.7"},{"introduced":"0"},{"last_affected":"1.3.8"},{"introduced":"0"},{"last_affected":"1.3.9"},{"introduced":"0"},{"last_affected":"1.3.10"},{"introduced":"0"},{"last_affected":"1.3.10-rc1"},{"introduced":"0"},{"last_affected":"1.4.0"},{"introduced":"0"},{"last_affected":"1.4.0-rc1"},{"introduced":"0"},{"last_affected":"1.4.0-rc2"},{"introduced":"0"},{"last_affected":"1.4.0-rc3"},{"introduced":"0"},{"last_affected":"1.4.0-rc4"},{"introduced":"0"},{"last_affected":"1.4.0-rc5"},{"introduced":"0"},{"last_affected":"1.4.1"},{"introduced":"0"},{"last_affected":"1.4.2"},{"introduced":"0"},{"last_affected":"1.4.3"},{"introduced":"0"},{"last_affected":"1.4.3-rc1"},{"introduced":"0"},{"last_affected":"1.4.3-rc2"},{"introduced":"0"},{"last_affected":"1.4.3-rc3"}]}}],"versions":["1.3.0","1.3.1","1.3.10","1.3.10-rc1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.0-rc1","1.4.0-rc2","1.4.0-rc3","1.4.0-rc4","1.4.0-rc5","1.4.1","1.4.2","1.4.3","1.4.3-rc1","1.4.3-rc2","1.4.3-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9835.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}