Summary
An attacker with administrative privileges can perform PHP object serialisation attacks, which can possibly lead to remote code execution.
System information
Vulnerable Section
Froxlor/admin_domains.php
Lines 566 to 568 in 27f8c8b
An administrator user can create a new domain and use the code above to deserialise a PHP object, running its magic methods to execute PHP commands on the server. This may lead to remote code execution.
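The referenced lines of `admin_domains.php` are not reproduced on this page, so the following is an added illustration, not Froxlor code. It shows that plain `unserialize()` runs a class's magic methods, and one way to decode the same kind of input without instantiating objects; `AuditProbe`, `contains_object()` and `decode_untrusted()` are hypothetical names, and the assumption is that the stored value only ever needs to be an array of scalars.

```php
<?php
// Added example. AuditProbe, contains_object() and decode_untrusted() are hypothetical.

final class AuditProbe
{
    public static $wakeups = 0;

    // PHP calls this magic method automatically whenever the object is unserialized.
    public function __wakeup()
    {
        self::$wakeups++;
    }
}

// True if the value is an object or an array holding one, at any depth.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Hardened decode: allowed_classes => false turns every serialized object into an
// inert __PHP_Incomplete_Class (no magic methods run); the result is then rejected.
function decode_untrusted(string $data): array
{
    $value = @unserialize($data, ['allowed_classes' => false]);
    if (!is_array($value) || contains_object($value)) {
        throw new InvalidArgumentException('expected a serialized array without objects');
    }
    return $value;
}

// Constructed sample inputs, standing in for a value taken from a request.
$withObject = serialize(['probe' => new AuditProbe()]);
$plainArray = serialize(['domain' => 'example.test']);

unserialize($withObject);                      // before: __wakeup() runs
printf("after plain unserialize: %d\n", AuditProbe::$wakeups);

var_dump(decode_untrusted($plainArray));       // after: arrays of scalars pass
try {
    decode_untrusted($withObject);
} catch (InvalidArgumentException $e) {
    printf("rejected: %s (wakeups still %d)\n", $e->getMessage(), AuditProbe::$wakeups);
}
```

Where the stored value has no need for PHP's serialization format at all, `json_encode()`/`json_decode()` removes object instantiation from the code path entirely.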