Description: The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
To simulate a gadget chain, put the following code in a plugin:

```php
class Evil {
    public function __wakeup() : void {
        die("Arbitrary deserialization");
    }
}
```

Then execute the command below in the web developer console of the browser when on the blog as unauthenticated:

```js
document.cookie='usces_cookie=O:4:"Evil":0:{}'
```

Refresh the page to see the 'Arbitrary deserialization' message displayed.
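The following PHP is an added illustration from the defensive side; it is neither the plugin's code nor the advisory's PoC. It contrasts a hypothetical cookie-reading routine in the vulnerable shape (raw cookie bytes passed straight to `unserialize()`) with two hardened readers: one that keeps the serialize format but passes `['allowed_classes' => false]`, so any object in the payload becomes `__PHP_Incomplete_Class` and no `__wakeup()` or `__destruct()` gadget runs, and one that stores cart state as JSON, which can only yield scalars and arrays. The class `Evil` reproduces the advisory's gadget solely to show that the hardened readers never invoke it. The function names and cookie values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's own code. Names are hypothetical.
// Stand-in for the advisory's gadget: a class whose magic method runs as a
// side effect of an attacker-controlled object being rebuilt.
class Evil
{
    public function __wakeup(): void
    {
        echo "Arbitrary deserialization\n";
    }
}

// Vulnerable shape (hypothetical reconstruction of the flaw described above):
// untrusted cookie bytes go straight into unserialize(), so a payload such as
// O:4:"Evil":0:{} instantiates Evil and triggers its __wakeup().
function read_cart_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened variant 1: keep the serialize() format but forbid every class.
// With allowed_classes => false, objects in the payload are rebuilt as
// __PHP_Incomplete_Class, whose magic methods never run; anything that is
// not the expected array shape is discarded.
function read_cart_safe(string $raw): ?array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Hardened variant 2: store cart state as JSON instead. json_decode() with
// assoc = true can only produce scalars and arrays, so there is no
// object-injection surface at all.
function read_cart_json(string $raw): ?array
{
    $data = json_decode($raw, true, 16);
    return is_array($data) ? $data : null;
}

// Constructed sample cookie values (not captured from a live site).
$benign = 'a:1:{s:4:"item";i:3;}';   // the kind of value a cart would normally hold
$gadget = 'O:4:"Evil":0:{}';         // the payload from the advisory's PoC
$asJson = '{"item":3}';              // the same cart state encoded as JSON

// Both hardened readers accept legitimate data and reject the gadget without
// ever instantiating Evil.
var_dump(read_cart_safe($benign));
var_dump(read_cart_safe($gadget));
var_dump(read_cart_json($asJson));

// Only the unsafe reader lets the gadget's __wakeup() run.
read_cart_unsafe($gadget);
```

When auditing a plugin for this class of bug, the check is simply whether any `unserialize()` call reaches data from `$_COOKIE`, `$_GET`, `$_POST` or `$_REQUEST` without the `allowed_classes` option; replacing the storage format with JSON is the more durable fix because it removes the object-instantiation path entirely rather than restricting it.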
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.9.5 |