| タイトル | phpwcms 1.10.8 phar deserialization vulnerability |
|---|
| 説明 | The phpwcms Content Management System is vulnerable to PHP Object Injection in the feedimport module through deserialization of untrusted input. An attacker can provide a malicious PHAR URL via the 'cnt_text' parameter in the feedimport module, which triggers PHP's deserialization mechanism. This vulnerability allows attackers to inject PHP Objects through a PHAR file using a directory traversal attack pattern (../../). No known POP (Property Oriented Programming) chain has been identified in the core application, meaning this vulnerability may have limited impact unless other components with suitable gadgets are installed. If a POP chain exists through additional components, attackers could potentially delete files, access sensitive information, or execute arbitrary code depending on the available gadgets. This vulnerability can be exploited by attackers with access to the phpwcms admin interface. The attack requires a valid CSRF token to be included in the request.
|
|---|
| ソース | ⚠️ https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md |
|---|
| ユーザー | Dem0 (UID 82596) |
|---|
| 送信 | 2025年05月15日 09:35 (12 月 ago) |
|---|
| モデレーション | 2025年06月03日 07:14 (19 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 310912 [slackero phpwcms 迄 1.9.45/1.10.8 Feedimport processing.inc.php cnt_text 特権昇格] |
|---|
| ポイント | 20 |
|---|