Date: Fri, 30 Sep 2016 14:54:20 +0800
From: Carl Peng <felixk3y@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: b2evolution 6.7.6 Object Injection vulnerability

Hello,
I reported an object injection vulnerability to the b2evolution team, and now
it has been fixed.

Vulnerability:
/htsrv/call_plugin.php #lines 31~40
```php
param( 'params', 'string', null ); // serialized
if( is_null($params) )
{ // Default:
	$params = array();
}
else
{ // params given. This may result in "false", but this means that
  // unserializing failed.
	$params = @unserialize($params); //object injection
}
```
The "params" parameter may lead to Object Injection by sending
"params=serialized+object+here".
Fixed:
https://github.com/b2evolution/b2evolution/commit/25c21cf9cc4261324001f9039509710b37ee2c4d

This issue was reported by Peng Hua of silence.com.cn Inc. and I would like
to request a CVE for this issue (if not done so already).

-------------------http://www.silence.com.cn/
penghua@...ence.com.cn
PKAV Team
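For readers unfamiliar with the pattern, the following is an added illustration (not b2evolution's code and not the referenced commit) of why the snippet above is dangerous and how a defender would harden it. It assumes PHP 7.1 or later for nullable type hints and the `allowed_classes` option of `unserialize()`; the `AuditHook` class is a harmless stand-in for any application class with a magic method.

```php
<?php
// Stand-in for any autoloadable application class with a magic method.
// unserialize() on untrusted input instantiates it and runs __wakeup().
class AuditHook
{
    public $note = 'constructed sample';
    public static $wakeups = 0;
    public function __wakeup()
    {
        // A real class might touch files, the DB, or templates here.
        self::$wakeups++;
        error_log("AuditHook::__wakeup ran with note=" . $this->note);
    }
}

// The vulnerable pattern from the advisory: untrusted string -> unserialize().
function unsafe_params(?string $params): array
{
    if ($params === null) {
        return array();
    }
    $result = @unserialize($params);
    // Checking the type afterwards is too late: __wakeup() already ran.
    return is_array($result) ? $result : array();
}

// Hardened variant: no application class can be instantiated from input.
function safe_params(?string $params): array
{
    if ($params === null) {
        return array();
    }
    // allowed_classes => false turns every object in the payload into
    // __PHP_Incomplete_Class, so no __wakeup()/__destruct() hook is reached.
    $result = @unserialize($params, ['allowed_classes' => false]);
    if (!is_array($result)) {        // false on bad input, or a bare object
        return array();
    }
    // Only scalars and arrays are expected; reject nested placeholder objects.
    $clean = true;
    array_walk_recursive($result, function ($v) use (&$clean) {
        if (is_object($v)) { $clean = false; }
    });
    return $clean ? $result : array();
}

// Constructed sample inputs: a serialized object, and an honest array.
$objectPayload = serialize(new AuditHook());
$arrayPayload  = 'a:1:{s:3:"key";s:5:"value";}';
unsafe_params($objectPayload);            // AuditHook::$wakeups becomes 1
var_dump(safe_params($objectPayload));    // array(0) {} and $wakeups stays 1
var_dump(safe_params($arrayPayload));     // array(1) { ["key"]=> "value" }
```

Replacing the serialized format with JSON (`json_decode($params, true)`) removes the object-instantiation path entirely and is the usual long-term fix for parameters that only ever carry plain data.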
