Exploit Report

Computer Security And Bug Information

CVE-2023-28115

CVECVE-2023-28115
CVE Title
Published Date2023-03-17T22:15Z
Modified Date2023-03-24T16:40Z
CWE TypeCWE-502
CVSS 3.xCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
DescriptionSnappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/KnpLabs/snappy/releases/tag/v1.4.2
Reference DescriptionMISC https://github.com/KnpLabs/snappy/releases/tag/v1.4.2
Reference URLhttps://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
Reference DescriptionMISC https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
Reference URLhttps://github.com/KnpLabs/snappy/commit/b66f79334421c26d9c244427963fa2d92980b5d3
Reference DescriptionMISC https://github.com/KnpLabs/snappy/commit/b66f79334421c26d9c244427963fa2d92980b5d3
Reference URLhttps://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6
Reference DescriptionMISC https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6
Reference URLhttps://github.com/KnpLabs/snappy/blob/5126fb5b335ec929a226314d40cd8dad497c3d67/src/Knp/Snappy/AbstractGenerator.php#L670
Reference DescriptionMISC https://github.com/KnpLabs/snappy/blob/5126fb5b335ec929a226314d40cd8dad497c3d67/src/Knp/Snappy/AbstractGenerator.php#L670
TagsRelease Notes
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles