{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.3.0" }, { "introduced": "0" }, { "last_affected": "1.3.1" }, { "introduced": "0" }, { "last_affected": "1.3.2" }, { "introduced": "0" }, { "last_affected": "1.3.3" }, { "introduced": "0" }, { "last_affected": "1.3.4" }, { "introduced": "0" }, { "last_affected": "1.3.5" }, { "introduced": "0" }, { "last_affected": "1.3.6" }, { "introduced": "0" }, { "last_affected": "1.3.7" }, { "introduced": "0" }, { "last_affected": "1.3.8" }, { "introduced": "0" }, { "last_affected": "1.3.9" }, { "introduced": "0" }, { "last_affected": "1.3.10" }, { "introduced": "0" }, { "last_affected": "1.3.10-rc1" }, { "introduced": "0" }, { "last_affected": "1.4.0" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc1" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc2" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc3" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc4" }, { "introduced": "0" }, { "last_affected": "1.4.0-rc5" }, { "introduced": "0" }, { "last_affected": "1.4.1" }, { "introduced": "0" }, { "last_affected": "1.4.2" }, { "introduced": "0" }, { "last_affected": "1.4.3" }, { "introduced": "0" }, { "last_affected": "1.4.3-rc1" }, { "introduced": "0" }, { "last_affected": "1.4.3-rc2" }, { "introduced": "0" }, { "last_affected": "1.4.3-rc3" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "71034818069ac474668538de6b02d516458813d0" }, { "introduced": "0" }, { "last_affected": "57aa336374bedbdc7f82a9c2b2d1933c4dc90769" }, { "introduced": "0" }, { "last_affected": "05eaf78deea3fa49f88a28ff7f8d4662fac6c728" }, { "introduced": "0" }, { "last_affected": "a8b764256637879e97d3e6491d4cd2921a5e643e" }, { "introduced": "0" }, { "last_affected": "1d1c9edafd7a9ff9b4550f78f90ca7238dfc597b" }, { "introduced": "0" }, { "last_affected": "311d9a3e6be58332752e06a5c881af6f1fb59b20" }, { "introduced": "0" }, { "last_affected": "c9ccfc3c27199d078e3a5a31508d6b922c12ff01" }, { "introduced": "0" }, { "last_affected": "92920875cb51ef9199b01a3b8d5761a2e213b4bb" }, { "introduced": "0" }, { "last_affected": "1d876b47fda381d3f8b4b47673fe8de8d73af85f" }, { "introduced": "0" }, { "last_affected": "66a451de40f24839e23680972b87625ed2242d38" }, { "introduced": "0" }, { "last_affected": "adefbf466fa2c3508ec2d48350b0e2816f41278d" }, { "introduced": "0" }, { "last_affected": "adefbf466fa2c3508ec2d48350b0e2816f41278d" }, { "introduced": "0" }, { "last_affected": "b2e27c5762548db3444389aff2ede23b53b269fa" }, { "introduced": "0" }, { "last_affected": "c9716ac7e115d7996d33221b3fc13fa6526ea1de" }, { "introduced": "0" }, { "last_affected": "0a006d32e5ea1b3d6670e5297ef077be85481dbc" }, { "introduced": "0" }, { "last_affected": "4e3329e7d896d0b70c4b9838f3532367370f8ff1" }, { "introduced": "0" }, { "last_affected": "4075a2731804264514be259fd6533bde5c99756a" }, { "introduced": "0" }, { "last_affected": "b2e27c5762548db3444389aff2ede23b53b269fa" }, { "introduced": "0" }, { "last_affected": "ec241ff9a3c38fc85e13c9ea43194b0ee00a6d0d" }, { "introduced": "0" }, { "last_affected": "38f9fb91ef36e31a3faffbd15a80c8398c328f2a" }, { "introduced": "0" }, { "last_affected": "7eaa6d67b25d68ebc6cbe504808a4f96738f4645" }, { "introduced": "0" }, { "last_affected": "f4564b665452e62965d38d114633269e72b31cec" }, { "introduced": "0" }, { "last_affected": "8450dbda94ce0714988504e6945a3d008ca2ef53" }, { "introduced": "0" }, { "last_affected": "7eaa6d67b25d68ebc6cbe504808a4f96738f4645" } ], "repo": "https://github.com/zikula/core", "type": "GIT" } ] } ], "details": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.", "id": "CVE-2016-9835", "modified": "2026-03-15T13:43:57.606158917Z", "published": "2016-12-05T08:59:02.673Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/95005" }, { "type": "FIX", "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md" }, { "type": "FIX", "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md" }, { "type": "FIX", "url": "https://github.com/zikula/core/issues/3237" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }