oss-sec mailing list archives

Re: CVE request: PHP object insertion in Contao CMS <= 3.2.5

From: cve-assign () mitre org
Date: Mon, 3 Feb 2014 10:04:50 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

passed directly into PHP's unserialize

https://github.com/contao/core/commit/8c9cb044bdc887a8202bb65a64545c025664f957
https://github.com/contao/core/commit/1717336598fdcf1ed3f4ad488e140147cb31516d
https://github.com/pedrib/PoC/blob/master/contao-3.2.4.txt


Use CVE-2014-1860.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS76+sAAoJEKllVAevmvmsVkAH/jWjzo9XfaTN3YR7XQO1xdZH
6vTlzWlSMfSICA2wIjLBvWC7rexXbAfXDr28yic7Ah/ECD4wGvoS2b5dzQJ7c4Ev
8h5tRYt4XhEi4QgeNg+izqw5R5pxxyq+vjYA7QAudSSc6hCcqDiNFnEPlTJiUDXK
LChGrJUz0K+lWnPYYZqU5phBaI2yiQ5eGsCCgVGxBcS8e8qNFfPhpIt5xASLA8RD
cPDPN/QK642DjlJ3PBriozi/ECUn6QDvRDrs9K6gOKQHP3WCUET/os2ZyCbSHIcN
JBuDCsWguy4BPOJX1cLU1gn5yoECRtIk87OwOsF0kuKpqdoN2Os4yTxiB5pXYaU=
=pl0i
-----END PGP SIGNATURE-----

Current thread:

CVE request: PHP object insertion in Contao CMS <= 3.2.5 Pedro Ribeiro (Feb 03)
- Re: CVE request: PHP object insertion in Contao CMS <= 3.2.5 cve-assign (Feb 03)