| Título | phpwcms 1.10.8 phar deserialization vulnerability |
|---|
| Descrição | The phpwcms Content Management System is vulnerable to PHP Object Injection in the feedimport module through deserialization of untrusted input. An attacker can provide a malicious PHAR URL via the 'cnt_text' parameter in the feedimport module, which triggers PHP's deserialization mechanism. This vulnerability allows attackers to inject PHP Objects through a PHAR file using a directory traversal attack pattern (../../). No known POP (Property Oriented Programming) chain has been identified in the core application, meaning this vulnerability may have limited impact unless other components with suitable gadgets are installed. If a POP chain exists through additional components, attackers could potentially delete files, access sensitive information, or execute arbitrary code depending on the available gadgets. This vulnerability can be exploited by attackers with access to the phpwcms admin interface. The attack requires a valid CSRF token to be included in the request.
|
|---|
| Fonte | ⚠️ https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md |
|---|
| Utilizador | Dem0 (UID 82596) |
|---|
| Submissão | 15/05/2025 09h35 (há 11 meses) |
|---|
| Moderação | 03/06/2025 07h14 (19 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 310912 [slackero phpwcms até 1.9.45/1.10.8 Feedimport processing.inc.php cnt_text Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|