| tiêu đề | e107.org e107 CMS 2.3.3 Deserialization |
|---|
| Mô tả | The installer accepts a POST parameter previous_steps, performs base64_decode() and then calls unserialize() directly on that input without validation. Because unserialize() can instantiate arbitrary PHP objects when given attacker-controlled serialized object data, an attacker can craft data that triggers magic methods (for example __wakeup() or __destruct()) in existing classes that perform sensitive actions (file write/delete, command execution, database ops). This can lead to arbitrary file manipulation, privilege escalation within the PHP process context, or remote code execution (RCE), depending on the codebase classes available and the deployment environment. |
|---|
| Nguồn | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/e107%20CMS.md |
|---|
| Người dùng | lakshay12311 (UID 91298) |
|---|
| Đệ trình | 05/10/2025 14:11 (cách đây 8 các tháng) |
|---|
| Kiểm duyệt | 16/10/2025 13:51 (11 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 327949 [e107 CMS đến 2.3.3 POST Parameter install.php base64_decode previous_steps nâng cao đặc quyền] |
|---|
| điểm | 0 |
|---|