oss-sec mailing list archives
CVE request: b2evolution 6.7.6 Object Injection vulnerability
From: Carl Peng <felixk3y () gmail com>
Date: Fri, 30 Sep 2016 14:54:20 +0800
Hello, I reported an object injection vulnerability to the b2evolution team, and now it has been fixed.

Vulnerability: /htsrv/call_plugin.php, lines 31~40

```php
param( 'params', 'string', null ); // serialized
if( is_null($params) )
{ // Default:
	$params = array();
}
else
{ // params given. This may result in "false", but this means that unserializing failed.
	$params = @unserialize($params); // object injection: request-controlled data reaches unserialize()
}
```

The "params" parameter may lead to Object Injection by sending "params=serialized+object+here".

fixed: https://github.com/b2evolution/b2evolution/commit/25c21cf9cc4261324001f9039509710b37ee2c4d

This issue was reported by Peng Hua of silence.com.cn Inc. and I would like to request a CVE for this issue (if not done so).

-------------------
http://www.silence.com.cn/
penghua () silence com cn
PKAV Team
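The snippet above is the classic PHP object injection shape: a request parameter is handed straight to `unserialize()`, so any class loadable at that point can be instantiated from attacker-controlled data and its `__wakeup()`/`__destruct()` hooks will run. The following is an added illustration, not code from b2evolution or from the reporter, and the function and class names in it are hypothetical. It sets the vulnerable pattern beside two hardened variants (the `allowed_classes` option of `unserialize()` available since PHP 7.0, and a switch to JSON) and uses constructed inputs to show that the hardened decoders never construct an application object; it assumes PHP 7.1 or later for the nullable parameter types.

```php
<?php
// Added illustration, not b2evolution code. Demonstrates why unserialize()
// on request input is dangerous and two ways to remove the ability to
// instantiate objects from that input. All names here are hypothetical.

// Stand-in for any application class with a "magic" method. Any such class
// that is loadable when unserialize() runs becomes reachable from the
// request, because PHP builds the object and then invokes __wakeup().
class Example {
    public $name = 'default';
    public function __wakeup() {
        // Real classes do file, database or template work here; that is the
        // attack surface. This one only records that it was invoked.
        error_log('Example::__wakeup() ran');
    }
}

// Vulnerable pattern (same shape as the reported call_plugin.php code).
function decode_params_unsafe(?string $params): array {
    if ($params === null) {
        return array();
    }
    $decoded = @unserialize($params);   // any serializable class may be instantiated
    return $decoded === false ? array() : (array) $decoded;
}

// Hardened variant 1: keep the serialized format but forbid objects.
// With allowed_classes => false, object payloads become
// __PHP_Incomplete_Class instances, so no application class is constructed
// and no __wakeup()/__destruct() of an application class runs.
function decode_params_safe(?string $params): array {
    if ($params === null) {
        return array();
    }
    $decoded = @unserialize($params, array('allowed_classes' => false));
    if (!is_array($decoded)) {
        // Anything that is not a plain array (including an incomplete class) is rejected.
        return array();
    }
    return $decoded;
}

// Hardened variant 2: change the wire format. JSON cannot express PHP
// objects, so this class of bug disappears; the callers that build the
// "params" value must emit JSON instead of serialize() output.
function decode_params_json(?string $params): array {
    if ($params === null) {
        return array();
    }
    $decoded = json_decode($params, true);
    return is_array($decoded) ? $decoded : array();
}

// Self-check on constructed inputs.
$benign = serialize(array('id' => 7, 'mode' => 'list'));   // constructed legitimate value
$object = serialize(new Example());                          // constructed object payload

var_dump(decode_params_unsafe($benign));   // the intended id/mode array
decode_params_unsafe($object);             // logs "Example::__wakeup() ran": the class was built
var_dump(decode_params_safe($object));     // empty array, and no __wakeup() log line
var_dump(decode_params_json('{"id":7}'));  // array(1) { ["id"]=> int(7) }
```

Of the two hardened variants, the JSON one is the more robust fix because it changes the format rather than relying on every `unserialize()` call site remembering the option; `allowed_classes => false` is the smaller change when the serialized format cannot be dropped. Either way, a code search for `unserialize(` over request-derived values is the quickest way to find the remaining instances of this pattern in a code base.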