CVE-2023-46817

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2023/Oct/30	Exploit Mailing List Third Party Advisory
https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14	Product
https://karmainsecurity.com/KIS-2023-12	Third Party Advisory
https://karmainsecurity.com/pocs/CVE-2023-46817.php	Exploit Third Party Advisory
https://www.phpfox.com/blog/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpfox:phpfox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-03 05:15

Updated : 2023-11-13 19:30

NVD link : CVE-2023-46817

Mitre link : CVE-2023-46817

CVE.ORG link : CVE-2023-46817

JSON object : View

Products Affected

phpfox

phpfox

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-46817", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-03T05:15:30.867", "references": [{"url": "http://seclists.org/fulldisclosure/2023/Oct/30", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://karmainsecurity.com/KIS-2023-12", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.phpfox.com/blog/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en phpFox antes de la versi\u00f3n 4.8.14. El par\u00e1metro de solicitud de URL pasado a la ruta /core/redirect no se sanitiza adecuadamente antes de usarse en una llamada a la funci\u00f3n PHP unserialize(). Esto puede ser aprovechado por atacantes remotos no autenticados para inyectar objetos PHP arbitrarios en el \u00e1mbito de la aplicaci\u00f3n, lo que les permite realizar una variedad de ataques, como ejecutar c\u00f3digo PHP arbitrario."}], "lastModified": "2023-11-13T19:30:38.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpfox:phpfox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFCFC958-00EA-4228-87A9-965E8BDD5983", "versionEndExcluding": "4.8.13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}