关键漏洞信息 Advisory Title: unserialize vulnerability in GLPI Product: GLPI 0.83.9 Discovered by: Xavier Mehrenberger @Cassidian CyberSecurity Vulnerable Version: 0.83.9 (tested on v0.83.9, 2013-06-21) Fixed in Repository: 2013-06-23 commits 21169 to 21180 Vulnerability Type: Potential PHP code execution Explanation: Vulnerability type [CWE-502] Deserialization of Untrusted Data CVSS: Not yet assigned Steps to Reproduce: - Issue a request to glpi/front/ticket.form.php?id=1&predefined_fields=XXXX, replacing XXXX with a serialized PHP object Vulnerable Code Sample: Impact: When a non-existent empty serialized class is unserialized, an error is caught by the userErrorHandlerNormal function. When a PHP object gets unserialized, its function is executed, and its function is executed when the object is destroyed. This can lead to code execution. Fix: The unsafe use of has been fixed throughout the codebase in commits 21169 to 21180.