| 제목 | phpwcms 1.10.8 phar deserialization vulnerability |
|---|
| 설명 | The phpwcms Content Management System is vulnerable to PHP Object Injection in the feedimport module through deserialization of untrusted input. An attacker can provide a malicious PHAR URL via the 'cnt_text' parameter in the feedimport module, which triggers PHP's deserialization mechanism. This vulnerability allows attackers to inject PHP Objects through a PHAR file using a directory traversal attack pattern (../../). No known POP (Property Oriented Programming) chain has been identified in the core application, meaning this vulnerability may have limited impact unless other components with suitable gadgets are installed. If a POP chain exists through additional components, attackers could potentially delete files, access sensitive information, or execute arbitrary code depending on the available gadgets. This vulnerability can be exploited by attackers with access to the phpwcms admin interface. The attack requires a valid CSRF token to be included in the request.
|
|---|
| 원천 | ⚠️ https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md |
|---|
| 사용자 | Dem0 (UID 82596) |
|---|
| 제출 | 2025. 05. 15. AM 09:35 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 06. 03. AM 07:14 (19 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 310912 [slackero phpwcms 까지 1.9.45/1.10.8 Feedimport processing.inc.php cnt_text 권한 상승] |
|---|
| 포인트들 | 20 |
|---|