oss-sec mailing list archives
Re: CVE request: PHP object insertion in Contao CMS <= 3.2.5
From: cve-assign () mitre org
Date: Mon, 3 Feb 2014 10:04:50 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
passed directly into PHP's unserialize
https://github.com/contao/core/commit/8c9cb044bdc887a8202bb65a64545c025664f957 https://github.com/contao/core/commit/1717336598fdcf1ed3f4ad488e140147cb31516d https://github.com/pedrib/PoC/blob/master/contao-3.2.4.txt
Use CVE-2014-1860. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJS76+sAAoJEKllVAevmvmsVkAH/jWjzo9XfaTN3YR7XQO1xdZH 6vTlzWlSMfSICA2wIjLBvWC7rexXbAfXDr28yic7Ah/ECD4wGvoS2b5dzQJ7c4Ev 8h5tRYt4XhEi4QgeNg+izqw5R5pxxyq+vjYA7QAudSSc6hCcqDiNFnEPlTJiUDXK LChGrJUz0K+lWnPYYZqU5phBaI2yiQ5eGsCCgVGxBcS8e8qNFfPhpIt5xASLA8RD cPDPN/QK642DjlJ3PBriozi/ECUn6QDvRDrs9K6gOKQHP3WCUET/os2ZyCbSHIcN JBuDCsWguy4BPOJX1cLU1gn5yoECRtIk87OwOsF0kuKpqdoN2Os4yTxiB5pXYaU= =pl0i -----END PGP SIGNATURE-----
Current thread:
- CVE request: PHP object insertion in Contao CMS <= 3.2.5 Pedro Ribeiro (Feb 03)
- Re: CVE request: PHP object insertion in Contao CMS <= 3.2.5 cve-assign (Feb 03)