mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
967 B
967 B
CVE-2023-46817
Description
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
POC
Reference
- http://seclists.org/fulldisclosure/2023/Oct/30
- https://karmainsecurity.com/KIS-2023-12
- https://karmainsecurity.com/pocs/CVE-2023-46817.php
Github
No PoCs found on GitHub currently.