|
|
@@ -318,10 +318,10 @@ Since I do not have access to the 8770 files and i can't test the upload code fo
|
|
|
* Multiple calls to unserialize on untrusted data:
|
|
|
|
|
|
```
|
|
|
- unserialize(gzuncompress($MyG["themes"]));
|
|
|
+ unserialize(gzuncompress($_COOKIE["themes"]));
|
|
|
unserialize(gzuncompress($_COOKIE["station"]));
|
|
|
unserialize(gzuncompress($_COOKIE["cfilter"]));
|
|
|
- unserialize(gzuncompress($MyG["bookmarks"]));
|
|
|
+ unserialize(gzuncompress($_COOKIE["bookmarks"]));
|
|
|
```
|
|
|
I did not find an exploitable chain but: all the PHP version shipped with this product have multiple unserialize CVE and I did not find a way but it is possible to play with the COM class.
|
|
|
|
