[Full-disclosure] [CVE-2014-2027] PHP object insertion / arbitrary file deletion / possible RCE in egroupware <= 1.8.005
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [CVE-2014-2027] PHP object insertion / arbitrary file deletion / possible RCE in egroupware <= 1.8.005
- From: Pedro Ribeiro <pedrib@xxxxxxxxx>
- Date: Wed, 19 Feb 2014 22:20:05 +0000
Hi
Egroupware <= 1.8.005 contains a PHP object insertion vulnerability
via unsafe use of the unserialize() function.
There are lots of classes with magic methods which appear to be
exploitable, some of them possibly for remote code execution. The
advisory linked below contains an example of an arbitrary file
deletion.
The full report can be obtained from my repo in
https://github.com/pedrib/PoC/raw/master/egroupware-1.8.005.txt
The changelog can be seen at http://www.egroupware.org/changelog and
new versions can be obtained from http://www.egroupware.org/download
Regards
Pedro
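
The bug class named in this advisory, as an added illustration that is not part of the original post and is not eGroupware code: a hypothetical class `TempFileHolder` with a `__destruct()` cleanup method shows why passing untrusted bytes to `unserialize()` can delete a file, and how the `allowed_classes` option (PHP 7.0 and later) or a data-only format such as JSON prevents it. The class, the `makeSample()` helper and the scratch file are all constructed for the example.

```php
<?php
// Hypothetical stand-in for any application class with a cleanup-style
// magic method; it is not taken from eGroupware.
class TempFileHolder
{
    public $path;
    public function __construct($path) { $this->path = $path; }

    // Runs whenever an instance is destroyed, including instances that
    // unserialize() created from caller-supplied bytes.
    public function __destruct()
    {
        if (is_string($this->path) && is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// Constructed sample input: a scratch file plus a serialized object naming
// it, standing in for a value that arrived in a request parameter.
function makeSample()
{
    $file = tempnam(sys_get_temp_dir(), 'demo');
    $obj  = new TempFileHolder($file);
    $blob = serialize($obj);
    $obj->path = null; // this instance's own destructor must not touch the file
    return [$file, $blob];
}

// Unsafe pattern: the serialized bytes choose the class and its properties,
// so the destructor acts on a path the sender picked.
list($file, $blob) = makeSample();
$o = unserialize($blob);
unset($o);
printf("plain unserialize: file survives? %s\n", file_exists($file) ? 'yes' : 'no');

// Hardened (PHP >= 7.0): refuse to instantiate any class. The value comes
// back as __PHP_Incomplete_Class, so TempFileHolder::__destruct never runs.
list($file, $blob) = makeSample();
$o = unserialize($blob, ['allowed_classes' => false]);
printf("allowed_classes=false: got %s\n", get_class($o));
unset($o);
printf("allowed_classes=false: file survives? %s\n", file_exists($file) ? 'yes' : 'no');

// Preferred across a trust boundary: a data-only format cannot name classes.
$decoded = json_decode(json_encode(['path' => $file]), true);
printf("json_decode yields: %s\n", gettype($decoded));
unlink($file); // remove the scratch file created for the demo
```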