Headline
Spitfire CMS 1.0.475 (cms_backup_values) PHP Object Injection
The application is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.
Title: Spitfire CMS 1.0.475 (cms_backup_values) PHP Object Injection
Advisory ID: ZSL-2022-5720
Type: Local/Remote
Impact: Manipulation of Data, DoS
Risk: (4/5)
Release Date: 09.12.2022
Summary
Spitfire is a system to manage the content of webpages.
Description
The application is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.
Vendor
Claus Muus - http://spitfire.clausmuus.de
Affected Version
1.0.475
Tested On
nginx
Vendor Status
[28.09.2022] Vulnerability discovered.
[28.09.2022] Vendor contacted.
[08.12.2022] No response from the vendor.
[09.12.2022] Public security advisory released.
PoC
spitfirecms_cookieobjinj.txt
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
N/A
Changelog
[09.12.2022] - Initial release
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]