
Melis Platform CMS patched for critical RCE flaw

Melis Platform, the open source e-commerce and content management system (CMS), was vulnerable to remote code execution (RCE) via a critical deserialization vulnerability.

Tracked as CVE-2022-39297 and with a CVSS score of 9.8, the object injection flaw has been patched along with a pair of high severity bugs by French vendor Melis Technology.

Melis Platform is based on Laminas, a popular PHP framework formerly known as Zend, and counts Keyrus, Paco Rabanne, and La Banque Postale among its users.

The vulnerabilities were discovered by researchers from Swiss security outfit Sonar.

“The main vulnerability we identified comes from the deserialization of user data, something that is known to be unsafe for quite some time now,” Sonar vulnerability researcher Thomas Chauchefoin told The Daily Swig.

“As modern applications are very loosely coupled, it was not immediately obvious, even to an educated eye, that attackers could reach this code. This is where automated code analysis can be very powerful,” they added.

‘Puzzle pieces’

Having established the potential for abuse of PHP’s unserialize() function with Sonar’s static analysis tool, the researchers tested exploitability by crafting a Property Oriented Programming (POP) chain.

“The fun thing about deserialization vulnerabilities in PHP is that not so many gadget chains are available when you adventure [move] yourself out of the usual targets; they are like small puzzle pieces you have to assemble to obtain code execution,” said Chauchefoin.

“We had to come up with a new chain for the framework Laminas. We added it to PHPGGC, a public database of the most common gadget chains, so other researchers don’t have to do this work again!”

Targeting the cache layer

In a blog post, Chauchefoin and Sonar software engineer Karim El Ouerghemmi documented how they targeted Laminas’ cache layer.

“Cache systems are often good targets [because they are] designed in a way to be loosely coupled with the rest of the application (e.g. automatically trigger save at the end of the lifecycle of the request by using destructors) and support a broad range of storage backends, including filesystems,” they wrote. “It can also be assumed that gaining the ability to control what’s stored in the cache can be abused later upon its retrieval, this data is always considered to be trusted.”
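The example below is added for illustration and is not code from Melis Platform, Laminas or Sonar's write-up. It shows why calling unserialize() on request data is risky when a class saves state in its destructor, next to two common hardenings; `DemoCache`, `decodeUserState()` and all sample values are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a cache object that persists itself in its destructor.
final class DemoCache
{
    public static array $writes = [];   // records each simulated "save"
    public string $key = 'default';

    public function __destruct()
    {
        self::$writes[] = $this->key;
    }
}

// Constructed sample input: a serialized DemoCache as it could arrive in a request.
$untrusted = 'O:9:"DemoCache":1:{s:3:"key";s:12:"from-request";}';

// Weak: the request decides which class is instantiated and what its properties hold.
$obj = unserialize($untrusted);
unset($obj);                            // destructor runs with the supplied value
var_dump(DemoCache::$writes);

// Hardened, option 1: refuse to instantiate any class from the input.
// The result is a __PHP_Incomplete_Class, which has no destructor to trigger.
DemoCache::$writes = [];
$inert = unserialize($untrusted, ['allowed_classes' => false]);
var_dump($inert instanceof __PHP_Incomplete_Class);
unset($inert);
var_dump(DemoCache::$writes);

// Hardened, option 2: carry plain data as JSON and authenticate it before parsing.
function decodeUserState(string $payload, string $mac, string $secret): ?array
{
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;                    // tampered or unsigned input is rejected
    }
    $data = json_decode($payload, true, 16);
    return is_array($data) ? $data : null;
}

$secret  = 'constructed-demo-secret';   // placeholder; load a real key from config
$payload = '{"lang":"en"}';
$mac     = hash_hmac('sha256', $payload, $secret);
var_dump(decodeUserState($payload, $mac, $secret));          // accepted payload
var_dump(decodeUserState('{"lang":"fr"}', $mac, $secret));   // MAC mismatch
```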

The other high severity issues caught by Sonar’s researchers include CVE-2022-39296, an arbitrary file read bug, and CVE-2022-3929, a DMA re-entrancy vulnerability in the NVM Express Controller (NVME) emulation in QEMU that could lead to denial of service (DoS) or code execution.

Sonar reported the vulnerabilities to Melis Technology back in June 2021 and patched updates were released on September 23, 2022.

The flaws affect versions 2.2.0 through 5.0.0 inclusive, and were remediated in Melis 5.0.1.


Source: https://portswigger.net/daily-swig/melis-platform-cms-patched-for-critical-rce-flaw
