CVE-2023-46817
CVE-2023-46817 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. EPSS estimates a 1.81% chance of exploitation in the next 30 days.
Description
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
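The following PHP is an added example, not phpFox's code and not the KIS-2023-12 proof of concept. It reconstructs the flaw class the description names (a request parameter fed straight to unserialize()) and sets it beside two fixes: treating the redirect target as the plain string it is, and, for code that genuinely must accept serialized input, disabling class instantiation. The LogWriter gadget, the function names, the host name social.example and the serialized payload are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed gadget class (not from phpFox). Any autoloadable class with a
// magic method such as __destruct, __wakeup or __toString becomes reachable
// to whoever controls the string passed to unserialize().
class LogWriter
{
    public string $path = '/tmp/app.log';
    public string $data = '';

    public function __destruct()
    {
        // Runs automatically when the object is released, with attacker-chosen
        // fields: an arbitrary file write from a single unserialize() call.
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable pattern (hypothetical, modelled on the advisory text): the 'url'
// request parameter is handed to unserialize() with no validation at all.
function redirectVulnerable(array $request): string
{
    $target = unserialize($request['url'] ?? '');
    // $target goes out of scope here, so LogWriter::__destruct() fires before we return.
    return is_string($target) ? $target : '/';
}

// Hardened: a redirect target is a plain string, so never deserialize it.
// Accept a single-slash relative path or an http(s) URL on our own host.
function redirectHardened(array $request, string $allowedHost): string
{
    $url = $request['url'] ?? '/';
    if (!is_string($url) || $url === '' || preg_match('/[\r\n\0]/', $url)) {
        return '/';
    }
    if (preg_match('#^/(?![/\\\\])#', $url)) {   // "/feed" ok; "//evil" and "/\evil" rejected
        return $url;
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])
        || !in_array(strtolower($p['scheme']), ['http', 'https'], true)
        || strcasecmp($p['host'], $allowedHost) !== 0) {
        return '/';
    }
    return $url;
}

// If serialized input truly must be accepted somewhere, forbid class
// instantiation: attacker-named classes degrade to __PHP_Incomplete_Class
// and no magic methods run.
function safeUnserialize(string $s)
{
    return unserialize($s, ['allowed_classes' => false]);
}

// Constructed payload: a serialized LogWriter whose fields point at a file of
// the attacker's choosing (a writable webroot path in a real attack).
$payload = 'O:9:"LogWriter":2:{s:4:"path";s:12:"/tmp/poc.txt";s:4:"data";s:5:"owned";}';

redirectVulnerable(['url' => $payload]);                 // __destruct() creates /tmp/poc.txt
printf("vulnerable handler wrote file: %s\n", var_export(file_exists('/tmp/poc.txt'), true));
@unlink('/tmp/poc.txt');

$obj = safeUnserialize($payload);                        // no LogWriter object, no file write
printf("allowed_classes=false yields: %s\n", get_class($obj));

printf("hardened, payload: %s\n", redirectHardened(['url' => $payload], 'social.example'));
printf("hardened, same host: %s\n", redirectHardened(['url' => 'https://social.example/feed'], 'social.example'));
printf("hardened, foreign host: %s\n", redirectHardened(['url' => 'https://evil.example/'], 'social.example'));
```

Two points worth noting. The destructor fires as soon as the deserialized object is dropped, so "we never use the result" is no defence; the damage is done inside unserialize() and the teardown that follows it. And allowed_classes is a containment measure, not a substitute for the first fix: a redirect handler has no business deserializing anything, and the hardened version also closes the open-redirect hole that a bare string check would leave.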
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
CWE-502: Deserialization of Untrusted Data
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phpfox | Phpfox | < 4.8.14 (fixed in 4.8.14) |
References
- http://seclists.org/fulldisclosure/2023/Oct/30 (Exploit, Mailing List, Third Party Advisory)
- https://karmainsecurity.com/KIS-2023-12 (Third Party Advisory)
- https://karmainsecurity.com/pocs/CVE-2023-46817.php (Exploit, Third Party Advisory)
- https://www.phpfox.com/blog/ (Product)
Frequently Asked Questions
What is CVE-2023-46817?
An unauthenticated PHP object injection in phpFox before 4.8.14: the url request parameter of the /core/redirect route reaches unserialize() without validation, so a remote attacker can instantiate arbitrary PHP objects in the application and, through their magic methods, run arbitrary PHP code.
How severe is CVE-2023-46817?
Critical: CVSS v3.1 base score 9.8 (reachable over the network, no privileges or user interaction required, high impact on confidentiality, integrity and availability). EPSS puts the probability of exploitation in the next 30 days at about 1.81%, and a public proof of concept exists.
How do I fix CVE-2023-46817?
Upgrade phpFox to 4.8.14 or later; all earlier versions are affected.
Source: NVD / NIST
