oss-sec mailing list archives

CVE request: b2evolution 6.7.6 Object Injection vulnerability


From: Carl Peng <felixk3y () gmail com>
Date: Fri, 30 Sep 2016 14:54:20 +0800

Hello,
I reported an object injection vulnerability to the b2evolution team, and now
it has been fixed.

Vulnerability:
/htsrv/call_plugin.php #lines 31~40
```
param( 'params', 'string', null ); // serialized
if( is_null($params) )
{ // Default:
	$params = array();
}
else
{ // params given. This may result in "false", but this means that
  // unserializing failed.
	$params = @unserialize($params); //object injection
}
```
The "params" parameter may lead to Object Injection by sending
"params=serialized+object+here"
Fixed:
https://github.com/b2evolution/b2evolution/commit/25c21cf9cc4261324001f9039509710b37ee2c4d

This issue was reported by Peng Hua of silence.com.cn Inc. and I would like
to request CVE for this issue (if not done so).

-------------------http://www.silence.com.cn/
penghua () silence com cn
PKAV Team
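The pattern reported above, shown beside a hardened form, as an added example that is not code from the original post or from the b2evolution project. It mirrors the unserialize() call in /htsrv/call_plugin.php and contrasts it with unserialize()'s `allowed_classes` option (available since PHP 7.0), which stops the payload from instantiating application classes and so keeps their magic methods (__wakeup, __destruct, ...) from running on attacker-controlled data. The function names and the sample inputs are constructed for this example.

```php
<?php
// Added example: the vulnerable decode pattern and a hardened replacement.
// Function names and sample inputs are constructed; they are not b2evolution code.

// Vulnerable form, mirroring the original call: any class known to the
// application can be instantiated from the untrusted string.
function decode_params_unsafe(?string $raw)
{
    if ($raw === null) {
        return array(); // default, as in the original
    }
    // Returns false on malformed input; objects in the payload are created.
    return @unserialize($raw);
}

// Hardened form: refuse to instantiate any class. Serialized objects become
// __PHP_Incomplete_Class instances, whose magic methods never execute.
// Plugin params are expected to be a plain array of scalars, so anything
// else (including incomplete-class objects) is rejected.
function decode_params_safe(?string $raw): array
{
    if ($raw === null) {
        return array();
    }
    $params = @unserialize($raw, array('allowed_classes' => false));
    if (!is_array($params)) {
        return array();
    }
    foreach ($params as $value) {
        if (!is_scalar($value) && $value !== null) {
            return array(); // nested objects/arrays are not accepted
        }
    }
    return $params;
}

// Reports whether a decoded value contains a live object, i.e. whether
// unserialize() was allowed to construct a class instance.
function contains_object($value): bool
{
    if (is_object($value)) {
        return !($value instanceof __PHP_Incomplete_Class);
    }
    if (is_array($value)) {
        foreach ($value as $v) {
            if (contains_object($v)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed inputs: a benign params array and a payload carrying an
// arbitrary built-in class (ArrayObject) in place of a scalar.
$benign  = serialize(array('page' => 2, 'sort' => 'name'));
$payload = serialize(array('page' => new ArrayObject(array('x' => 1))));

var_dump(contains_object(decode_params_unsafe($benign)));   // benign input, no object
var_dump(contains_object(decode_params_unsafe($payload)));  // object was constructed
var_dump(contains_object(decode_params_safe($payload)));    // refused by allowed_classes
var_dump(decode_params_safe($payload));                     // empty array: input rejected
var_dump(decode_params_safe($benign));                      // original array survives
```

The fix the project shipped (linked above) is the authoritative one; the point of this example is the general rule that unserialize() must never see untrusted input without `allowed_classes => false` (or, better, a format with no object semantics such as JSON), and that the decoded value should still be type-checked before use.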
