The plugin unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
To simulate a gadget chain, put the following code in a plugin:

```php
<?php
// Minimal stand-in for a gadget: any loaded class whose __wakeup() runs on unserialize()
class Evil {
    public function __wakeup(): void {
        die("Arbitrary deserialization");
    }
}
```

1. Activate this plugin and create a simple form.
2. Embed the form in an existing page.
3. As an anonymous user, fill in the text field with `O:4:"Evil":0:{}` and submit the form.
4. You will see the "Arbitrary deserialization" result.
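The following PHP is an added example, not code from the advisory or from the Formidable plugin. It places the unsafe pattern the advisory describes (attacker-controlled text passed straight to `unserialize()`) next to two hardened forms, and adds a simple input check that flags serialized-object payloads before they reach any deserializer. The class `WakeupProbe`, the function names, and the sample payload are constructed for the example; `WakeupProbe` only records that `__wakeup()` ran instead of doing anything harmful.

```php
<?php
// Added example (not from the advisory or the plugin). Requires PHP 8.0+ for `mixed`.
declare(strict_types=1);

// Stand-in for a gadget class that happens to be loaded. A real gadget would do
// something harmful in __wakeup()/__destruct(); this one only sets a flag.
class WakeupProbe
{
    public static bool $fired = false;

    public function __wakeup(): void
    {
        self::$fired = true;
    }
}

// The unsafe pattern: user-controlled text goes straight to unserialize(), so
// every loaded class with magic methods becomes reachable from a form field.
function unsafeRestore(string $fieldValue): mixed
{
    return unserialize($fieldValue);
}

// Hardened form 1: refuse to instantiate any class. Objects in the payload become
// __PHP_Incomplete_Class and no __wakeup() runs (allowed_classes exists since PHP 7.0).
function safeRestore(string $fieldValue): mixed
{
    return unserialize($fieldValue, ['allowed_classes' => false]);
}

// Hardened form 2: do not use PHP serialization for user data at all. JSON has no
// way to express PHP objects, so there is nothing for a gadget chain to hook.
function restoreFromJson(string $fieldValue): mixed
{
    return json_decode($fieldValue, true, 512, JSON_THROW_ON_ERROR);
}

// Detection: a text-field answer that starts like a serialized PHP object
// (O:<len>:"<class>": or C:<len>:"<class>":) is never legitimate form input.
// Log and reject it at the edge, before any deserialization code sees it.
function looksLikeSerializedObject(string $value): bool
{
    return (bool) preg_match('/^[OC]:\d+:"/', $value);
}

// --- Demonstration on a constructed input of the same shape as in the advisory ---
$payload = 'O:11:"WakeupProbe":0:{}';   // constructed sample payload

WakeupProbe::$fired = false;
unsafeRestore($payload);
printf("unsafe:   __wakeup fired = %s\n", var_export(WakeupProbe::$fired, true));

WakeupProbe::$fired = false;
$obj = safeRestore($payload);
printf("hardened: __wakeup fired = %s, result class = %s\n",
    var_export(WakeupProbe::$fired, true), get_class($obj));

printf("json:     %s\n", var_export(restoreFromJson('{"answer":"hello"}'), true));
printf("detector: %s / %s\n",
    var_export(looksLikeSerializedObject($payload), true),
    var_export(looksLikeSerializedObject('hello world'), true));
```

Running the script shows the flag set only on the unsafe path; the `allowed_classes => false` path returns a `__PHP_Incomplete_Class` object and never invokes `__wakeup()`. For stored form data, switching the storage format to JSON is the more durable fix, since `allowed_classes` still leaves `unserialize()` reachable and a future code change can re-enable class instantiation.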
CPE

| Name | Operator | Version |
|---|---|---|
| formidable | lt | 6.2 |