[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: b2evolution 6.7.6 Object Injection vulnerability
From:       Carl Peng <felixk3y () gmail ! com>
Date:       2016-09-30 6:54:20
Message-ID: CAEiFw0URs1e9oVb-Jzh3qDe-bOyEVJo7iL3Bx0YFSTFK9FRB-A () mail ! gmail ! com
[Download RAW message or body]


hello,
 i reported a object injection vulnerability to b2evolution team, and now
it has been fixed.

Vulnerability:
/htsrv/call_plugin.php #lines 31~40
```
param( 'params', 'string', null ); // serialized
if( is_null($params) )
{ // Default:
$params = array();
}
else
{ // params given. This may result in "false", but this means that
unserializing failed.
$params = @unserialize($params); //object injection
}
```
The parameter of "params" may lead to Object Injection by sending
"params=serialized+object+here"
fixed:
https://github.com/b2evolution/b2evolution/commit/25c21cf9cc4261324001f9039509710b37ee2c4d

This issue was reported by Peng Hua of silence.com.cn Inc. and I would like
to request CVE for this issue (if not done so).

-------------------http://www.silence.com.cn/
penghua@silence.com.cn
PKAV Team


[prev in list] [next in list] [prev in thread] [next in thread]