admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0day/CMS/sugarCRM/sugarCRM_v6.5.23/README.md
Mr5m1th 410f713b49 *
2017-09-25 21:29:27 +08:00

225 B
Raw Blame History

sugarCRM v6.5.23 反序列化漏洞(对象注入漏洞)绕过__wakeup 影响版本 SugarCRM <= 6.5.23 PHP5 < 5.6.25 PHP7 < 7.0.10

修复建议:include/utils.php sugar_unserialize函数正则匹配修正为 /[oc]:[^:]*\d+:/i