Describe the bug
As reported by Eldar Marcussen of xen1thLabs, Cacti's unserialization of form data does not properly validate the form input, which can result in unsafe unserialization operations.
Expected behavior
Cacti should always check serialized data for expected formatting, or utilize JSON data within the form post to avoid the use of the unserialize() function when dealing with untrusted data.
netniV changed the title from "Unsafe deserialization in of selected objects in Cacti" to "When deserializating data, ensure basic sanitization has been performed" on Dec 7, 2019
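The two options named under "Expected behavior" (checking serialized data for its expected format, or posting JSON instead), sketched as an added example that is not Cacti's own code. The function names are hypothetical, and the form field is assumed to carry a flat list of numeric ids.

```php
<?php
// Added example. Function names are hypothetical, and the form field is
// assumed to carry a flat list of numeric ids.

// Option 1: check the serialized string's shape before unserialize().
function parse_selected_items(string $raw): ?array
{
    // Only a flat array of integers or digit-only strings may pass:
    // no objects (O:, C:), nesting, floats, booleans or references.
    $scalar = '(?:i:\d+;|s:\d+:"\d+";)';
    if (!preg_match('/^a:\d+:\{(?:' . $scalar . $scalar . ')*\}$/', $raw)) {
        return null;
    }
    // Second layer: never instantiate classes, even if the regex is wrong.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null; // malformed lengths or counts
    }
    return array_map('intval', array_values($data));
}

// Option 2: have the form post JSON, so unserialize() is never called.
function parse_selected_items_json(string $raw): ?array
{
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $value) {
        if (!is_int($value) || $value < 0) {
            return null;
        }
    }
    return array_values($data);
}

// Constructed sample inputs.
$samples = [
    'a:2:{i:0;s:2:"12";i:1;s:2:"34";}', // expected form data
    'O:8:"stdClass":0:{}',              // bare object
    'a:1:{i:0;O:8:"stdClass":0:{}}',    // object inside an array
    'a:2:{i:0;i:5;}',                   // element count does not match
];
foreach ($samples as $raw) {
    var_dump(parse_selected_items($raw));
}
var_dump(parse_selected_items_json('[12, 34]'));
var_dump(parse_selected_items_json('{"a": {"b": 1}}'));
```

Only the first sample and the JSON list return an array of ids; every other input returns `null` before any of its values reach application logic.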