| 제목 | phpwcms 1.10.8 phar/php filter vulnerability |
|---|
| 설명 | The phpwcms Content Management System is vulnerable to PHP Object Injection in the article content type 21 (Custom Source Tab) through deserialization of untrusted input. An attacker can provide a malicious PHAR URL via the 'cpage_custom' parameter in the content editing form, which is passed directly to the file_get_contents() function without proper validation. This vulnerability allows attackers to inject PHP Objects through a PHAR file or utilize various PHP stream wrappers for side-channel attacks. No known POP (Property Oriented Programming) chain has been identified in the core application, meaning this vulnerability may have limited impact unless other components with suitable gadgets are installed. If a POP chain exists through additional components, attackers could potentially delete files, access sensitive information, or execute arbitrary code depending on the available gadgets. This vulnerability can be exploited by attackers with access to the phpwcms admin interface. The attack requires a valid CSRF token to be included in the request. |
|---|
| 원천 | ⚠️ https://github.com/3em0/cve_repo/blob/main/phpwcms/cnt21.readform.inc.php%23file_get_contents.md |
|---|
| 사용자 | Dem0 (UID 82596) |
|---|
| 제출 | 2025. 05. 15. PM 01:25 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 06. 03. AM 07:14 (19 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 310913 [slackero phpwcms 까지 1.9.45/1.10.8 Custom Source Tab cnt21.readform.inc.php file_get_contents/is_file cpage_custom 권한 상승] |
|---|
| 포인트들 | 20 |
|---|