Expected behavior and actual behavior.
OpenCATS is vulnerable to PHP Object injection due to taking user input via the unserialize function. A user could leverage this to execute code on an attacker's system.
Steps to reproduce the problem.
You can see steps on how this vulnerability could be exploited here: https://snoopysecurity.github.io/web-application-security/2021/01/16/09_opencats_php_object_injection.html
What version of opencats are you running?
Latest: https://github.com/opencats/OpenCATS/tree/develop/docker
Release or downloaded from Git?
Latest
WAMP or LAMP?
LAMP - Used docker container within https://github.com/opencats/OpenCATS/tree/develop/docker
What version of PHP and MySQL are you running?
PHP7
Attach appropriate error logs. Please attach [apache/mysql] error/access logs as needed.
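The bug class reported above, shown as an added example that is not OpenCATS code and not part of the original report: unserialize() on request data lets the input decide which class's magic methods run, while the allowed_classes option or a data-only format removes that choice. The class, function names and sample input are hypothetical and constructed for illustration.

```php
<?php
// Added example. AuditedTempFile and the decode* helpers are hypothetical names.

// Harmless stand-in for any application class that has a magic method.
class AuditedTempFile
{
    public static $events = [];
    public $path = '';

    public function __destruct()
    {
        // Real classes may delete files, write logs or run queries here.
        self::$events[] = "destructor ran for path={$this->path}";
    }
}

// Risky pattern: request data goes straight into unserialize().
function decodeUnsafe($input)
{
    return unserialize($input);
}

// Hardened: no class is ever instantiated (option available since PHP 7.0).
function decodeNoObjects($input)
{
    return unserialize($input, ['allowed_classes' => false]);
}

// Preferred: a data-only format that cannot carry objects.
function decodeJson($input): array
{
    $data = json_decode($input, true, 16);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
        throw new InvalidArgumentException('expected a JSON object or array');
    }
    return $data;
}

// Constructed sample standing in for a request parameter.
$untrusted = 'O:15:"AuditedTempFile":1:{s:4:"path";s:12:"/tmp/example";}';

$obj = decodeUnsafe($untrusted);
unset($obj);                       // the destructor fires on attacker-chosen state
var_dump(AuditedTempFile::$events);

$inert = decodeNoObjects($untrusted);
var_dump(get_class($inert));       // placeholder class, no application code attached
var_dump(decodeJson('{"path":"/tmp/example"}'));
```

Where serialized objects must be kept, pass an explicit list of permitted classes to allowed_classes instead of false and authenticate the serialized string before decoding it.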