Lucene search

8067 matches found

CVE
added 2018/11/17 1:0 p.m. · 89 views

CVE-2018-19274

CVE-2018-19274 affects phpBB < 3.2.4: remote code execution via Phar deserialization when an attacker with founder permissions can access the Admin Control Panel. The issue arises from using an absolute path in a file_exists check, enabling Object Injection. NVD data shows CVSSv3.1 base score ...

CVSS 7.2 · AI score 7.2 · EPSS 0.05201
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2018/11/17 12:0 a.m. · 4 views

PT-2018-14897 · Phpbb Limited · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.2.4. Description: The issue allows for Remote Code Execution through Object Injection by utilizing Phar deserialization. This can be achieved by passing an absolute path to a file exists check. The exploitation of thi...

CVSS 7.2 · AI score 7.2 · EPSS 0.05201
Exploits: 1 · References: 16
Prion
added 2018/11/16 9:29 a.m. · 22 views

Design/Logic Flaw

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

CVSS 6.8 · AI score 9.1 · EPSS 0.02211
Exploits: 0 · References: 6 · Affected Software: 4
UbuntuCve
added 2018/11/16 9:29 a.m. · 31 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

CVSS 8.8 · AI score 6.6 · EPSS 0.02211
Exploits: 0 · References: 5
NVD
added 2018/11/16 9:29 a.m. · 18 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

CVSS 8.8 · AI score 9.1 · EPSS 0.02211
Exploits: 0 · References: 6
OSV
added 2018/11/16 9:29 a.m. · 2 views

DEBIAN-CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

CVSS 8.8 · AI score 7.4 · EPSS 0.02211
Exploits: 0 · References: 1
OSV
added 2018/11/16 9:29 a.m. · 32 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

CVSS 8.8 · AI score 8.8
Exploits: 0 · References: 6
CVE
added 2018/11/16 9:0 a.m. · 718 views

CVE-2018-19296

PHPMailer (versions before 5.2.27 and 6.x before 6.0.6) is affected by an object injection vulnerability (CVE-2018-19296). The issue stems from how attachments may be processed, enabling an attacker to inject objects via crafted input, potentially leading to code execution. Patches were released ...

CVSS 8.8 · AI score 8.6 · EPSS 0.02211
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2018/11/16 9:0 a.m. · 29 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

AI score 8.7 · EPSS 0.02211
Exploits: 0 · References: 6
Debian CVE
added 2018/11/16 9:0 a.m. · 57 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack...

CVSS 8.8 · AI score 6.5 · EPSS 0.02211
Exploits: 0
FreeBSD
added 2018/11/16 12:0 a.m. · 229 views

phpmailer -- Multiple vulnerability

The PHPMailer Team reports: CVE-2018-19296: Fix potential object injection vulnerability...

CVSS 8.8 · AI score 6.5 · EPSS 0.02211
Exploits: 0 · References: 2
Positive Technologies
added 2018/11/16 12:0 a.m. · 10 views

PT-2018-2631 · Php +2 · Phpmailer +2

Name of the Vulnerable Software and Affected Versions: PHPMailer versions prior to 5.2.27; PHPMailer versions 6.x prior to 6.0.6. Description: The issue is related to insufficient input validation in the PHPMailer library, allowing a remote attacker to perform an object injection attack. This could...

CVSS 9.8 · AI score 7.1 · EPSS 0.99714
Exploits: 67 · References: 89
WPVulnDB
added 2018/11/11 12:0 a.m. · 7 views

Simple Link Directory < 5.6.0 - Authenticated PHP Object Injection

Due to the OptionTree library...

AI score 2.1
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2018/10/29 12:0 a.m. · 7 views

WordPress WooCommerce plugin <= 3.4.5 - Authenticated Object Injection vulnerability

Authenticated Object Injection vulnerability found by Slavco in WordPress WooCommerce plugin versions <= 3.4.5. Solution: Update the WordPress WooCommerce plugin to the latest available version, at least 3.4.6...

AI score 3.8
Exploits: 0 · References: 1 · Affected Software: 1
ThreatPost
added 2018/10/24 8:17 p.m. · 543 views

Magecart Cybergang Targets 0days in Third-Party Magento Extensions

Criminals behind the Magecart gang have shifted tactics, and are now targeting nearly two dozen unpatched vulnerabilities found in third-party plugins used in the Magento e-commerce platform. Previously, the Magecart cybergang had focused on the core of Magento, using attack strategies such as...

Exploits: 0 · References: 6
ripstech
added 2018/10/09 11:27 a.m. · 16 views

What is PHP Object Injection

PHP Serialization Recap: PHP provides a mechanism for storing and loading data with PHP types across multiple HTTP requests. This mechanism boils down to two functions: serialize and unserialize. This may sound complicated but let's look at the following easy example: A PHP object being serialized ...

AI score 7.1
Exploits: 0
Hacker One
added 2018/09/28 2:52 p.m. · 78 views

h1-5411-CTF: Remote Command Execution in a internal server to get the flag file

Summary: After source code disclosure using an LFI vulnerability and using PHP object injection with XXE I was able to find an internal service at port 1337. Using the SSRF through XXE I sent an HTTP request to this internal service and discovered a Python object injection using status parameter,...

AI score 0.6
Exploits: 0
Hacker One
added 2018/09/28 1:4 a.m. · 35 views

h1-5411-CTF: RCE via Local File Read -> php unserialization-> XXE -> unpickling

Summary: It was possible to escalate to Remote Code Execution via different bugs such as local file read, php object injection, XML External Entity and Un-Pickling of Python serialized object. Description: Using local file read it was discovered that the php code was vulnerable to php object...

AI score 0.8
Exploits: 0
Hacker One
added 2018/09/27 9:27 a.m. · 34 views

h1-5411-CTF: Solution for h15411's CTF challenge

Baby steps Earlier today a friend tipped me off about an ongoing CTF challenge that was being run by HackerOne and would get the first ten winners a ticket to participate in h15411, which will be a live-hacking event happening in Buenos Aires. This immediately caught my attention and I decided to...

AI score 8.1
Exploits: 0
Hacker One
added 2018/09/27 8:27 a.m. · 46 views

h1-5411-CTF: Flag WriteUp

Hello everyone, here is my writeup: Intro: First I decoded the QR code of the tweet, decoding to Here you go: 68747470733a2f2f68312d353431312e68316374662e636f6d. Decoding the hex value we get the challenge URL: https://h1-5411.h1ctf.com Path traversal + local file read: On the website I found...

AI score 0.3
Exploits: 0