PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related serialized data and the last part of the concatenated filename, which creates a file in webroot.
Weakness
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpmemcachedadmin | Phpmemcachedadmin_project | * | 1.2.2 (including) |
Potential Mitigations
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Related Attack Patterns
References
- http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.html
- http://www.securityfocus.com/archive/1/533968/100/0/threaded
- http://www.securityfocus.com/archive/1/533980/100/0/threaded
- http://www.securityfocus.com/bid/71059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98638
- http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.html
- http://www.securityfocus.com/archive/1/533968/100/0/threaded
- http://www.securityfocus.com/archive/1/533980/100/0/threaded
- http://www.securityfocus.com/bid/71059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98638