Vulnerability Description
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize on the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage a __destruct magic method in guzzlehttp.
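A defender-side check for the condition described above, as an added example that is not OpenCATS code or part of the original advisory: it scans access-log lines for requests whose parametersactivity:ActivityDataGrid value contains a serialized PHP object. The log lines, IP addresses and the rangeStart key are constructed, and treating every object token as suspicious assumes legitimate values hold only arrays and scalars.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "parametersactivity:ActivityDataGrid"  # parameter named in the advisory
# PHP serialize() writes objects as O:<len>:"Class":... (C: for Serializable classes).
# Assumption: legitimate DataGrid values never contain objects, so any match is a hit.
OBJECT_TOKEN = re.compile(r'[OC]:\+?\d+:"([^"]*)"')
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed sample access-log lines (documentation IP ranges, harmless stdClass marker).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jan/2021:10:00:00 +0000] "GET /index.php?m=activity'
    '&parametersactivity%3AActivityDataGrid=a%3A1%3A%7Bs%3A10%3A%22rangeStart%22'
    '%3Bi%3A0%3B%7D HTTP/1.1" 200 5120',
    '198.51.100.23 - - [16/Jan/2021:10:00:05 +0000] "GET /index.php?m=activity'
    '&parametersactivity%3AActivityDataGrid=a%3A1%3A%7Bi%3A0%3BO%3A8%3A%22stdClass'
    '%22%3A0%3A%7B%7D%7D HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Jan/2021:10:00:09 +0000] "GET /index.php?m=home HTTP/1.1" 200 900',
]

def inspect_request(target):
    """Return class names of serialized PHP objects found in the DataGrid parameter."""
    # parse_qs percent-decodes both the parameter name and its value.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    classes = []
    for value in query.get(PARAM, []):
        classes += OBJECT_TOKEN.findall(value)
    return classes

def scan(lines):
    """Return (client_ip, [class names]) for every log line carrying an object."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        classes = inspect_request(match.group(1))
        if classes:
            hits.append((line.split()[0], classes))
    return hits

if __name__ == "__main__":
    for ip, classes in scan(SAMPLE_LOG):
        print(f"serialized object in {PARAM} from {ip}: {classes}")
```

This only covers values sent in the query string; a parameter sent in a POST body does not appear in a standard access log.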
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opencats | Opencats | <= 0.9.5-3 |
References
- https://github.com/snoopysecurity/snoopysecurity.github.io/blob/master/web-appli (Patch, Third Party Advisory)
- https://snoopysecurity.github.io/web-application-security/2021/01/16/09_opencats (Exploit, Third Party Advisory)
- https://www.opencats.org/news/ (Vendor Advisory)
FAQ
What is CVE-2021-25294?
CVE-2021-25294 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:Activi...
How severe is CVE-2021-25294?
CVE-2021-25294 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-25294?
Check the references section above for vendor advisories and patch information. Affected products include: Opencats Opencats.