PT-2023-30334 · Yiisoft · Yii

Ma4Ter222 · Published 2023-11-14 · Updated 2023-11-20 · CVE-2023-47130

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: yiisoft/yii versions prior to 1.1.29

Description: The issue allows for Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input. An attacker may leverage this to compromise the host system.

Recommendations: For versions prior to 1.1.29, upgrade to version 1.1.29 or higher. As a temporary workaround, consider avoiding the use of unserialize() on arbitrary user input until the issue is resolved. Restrict access to sensitive areas of the application to minimize the risk of exploitation.
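The workaround above comes down to never letting unserialize() instantiate classes from data an attacker controls. The following is an added example, not code from the advisory or from the Yii project: the unsafe call beside a hardened loader that forbids object instantiation and rejects anything that is not plain array data. The class name and inputs are constructed for illustration; it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern: unserialize() on attacker-controlled bytes may instantiate
// any autoloadable class, so magic methods (__wakeup, __destruct, ...) run on
// attacker-chosen property values. This is the call the advisory warns about.
function loadStateUnsafe(string $untrusted): mixed
{
    return unserialize($untrusted);
}

// Hardened form: allowed_classes => false turns every "O:"/"C:" token into a
// __PHP_Incomplete_Class instead of a live object, and the result is then
// rejected unless it is plain array data with no objects anywhere inside.
function loadStateSafe(string $untrusted, int $maxLen = 4096): ?array
{
    if (strlen($untrusted) > $maxLen) {
        return null; // cheap size bound before parsing
    }
    $data = @unserialize($untrusted, ['allowed_classes' => false]);
    if (!is_array($data) || containsObject($data)) {
        return null;
    }
    return $data;
}

// Recursive check: true if any nested value is an object (incomplete or not).
function containsObject(mixed $value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed inputs: harmless array state, and a serialized object of a
// hypothetical class name (no real gadget chain is involved).
$plain  = serialize(['page' => 2, 'sort' => 'name']);
$object = 'O:8:"AnyClass":0:{}';

var_dump(loadStateSafe($plain));   // array(2) { ["page"]=> int(2) ["sort"]=> string(4) "name" }
var_dump(loadStateSafe($object));  // NULL: object payload rejected
```

Where state must cross a trust boundary (cookies, query strings, uploaded files), prefer a data-only format such as json_decode() over unserialize() altogether, and treat any `O:` or `C:` token in such input as a signal worth logging.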

Exploit

Fix

RCE

Deserialization of Untrusted Data


Weakness Enumeration

Related identifiers

CVE-2023-47130
GHSA-MW2W-2HJ2-FG8Q

Affected products

Yii