RCE via PHP Object injection via SOAP Requests

High
mark-netalico published GHSA-jrgf-vfw2-hj26 Oct 21, 2020

Package

No package listed

Affected versions

< 19.4.7, 20 < 20.0.3

Patched versions

< 19.4.8, 20 < 20.0.4

Description

Impact

This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger remote code execution (RCE) via PHP Object Injection through product attributes and a product.

Patches

The issue is fixed in the latest OpenMage versions, from 19.4.7 and 20.0.3 onward.

Credits

Credit to Luke Rodgers for reporting.

Severity

High

CVE ID

CVE-2020-15244

Weaknesses

No CWEs