[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
From: Pedro Ribeiro <pedrib@xxxxxxxxx>
Date: Mon, 3 Feb 2014 21:00:32 +0000

Hi,

I have discovered a vulnerability that might lead to code execution in
Contao CMS <= 3.2.4
Contao CMS <= 3.2.4 does not properly validate user input in several
locations which is then passed directly into PHP's unserialize.

This has been fixed in Contao 3.2.5 as per commit:
https://github.com/contao/core/commit/8c9cb044bdc887a8202bb65a64545c025664f957
and
https://github.com/contao/core/commit/1717336598fdcf1ed3f4ad488e140147cb31516d

Announcements can be found at

https://contao.org/en/news/contao-3_2_5.html

https://contao.org/en/news/contao-2_11_14.html

Thanks to the Contao developers for being so responsive.
The full report can be found at my repo in
https://github.com/pedrib/PoC/blob/master/contao-3.2.4.txt

Regards,

Pedro Ribeiro
Agile Information Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
  - From: Egidio Romano

Prev by Date: [Full-disclosure] Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ( CVE-2013-7182)
Next by Date: [Full-disclosure] H2HC 10 - FX Keynote Video is Up
Previous by thread: [Full-disclosure] Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ( CVE-2013-7182)
Next by thread: Re: [Full-disclosure] [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
Index(es):
- Date
- Thread