Home > Vulnerability Database > CVE-2023-36825

Mend.io Vulnerability Database

CVE-2023-36825

Date: July 11, 2023

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the "_state" query parameter, which can result in remote code execution. The issue has been addressed in version 14.5.0. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. There are no known workarounds.

Language: PHP

Severity Score

9.6

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-36825

Url: https://github.com/orchidsoftware/platform

Url: https://github.com/orchidsoftware/platform/releases/tag/14.5.0

Url: https://github.com/orchidsoftware/platform/security/advisories/GHSA-ph6g-p72v-pc3p

Url: https://www.mend.io/vulnerability-database/CVE-2023-36825

Severity Score

9.6

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-36825

Date: July 11, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?