CVE-2013-6288: Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.6485%
CWE: -
Published: 5/17/2022
Updated: 8/29/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: apache-solr-for-typo3/solr
Ecosystem: composer
Vulnerable Versions: < 2.8.3
First Patched Version: 2.8.3

Vulnerability Intelligence
Root Cause Analysis

The provided information, including vulnerability reports and the ChangeLog for version 2.8.3, does not explicitly identify the specific functions that call unserialize() insecurely. While the CVE and advisory mention 'Insecure Unserialize,' the available commit history and patch details focus on XSS fixes (CVE-2013-6289) and other changes. Without access to the exact code changes in the patched version (2.8.3) or the vulnerable code in versions < 2.8.3, it is not possible to confidently pinpoint the vulnerable functions. The issue likely involved unserialize() calls on untrusted data, but insufficient code context prevents high-confidence identification of specific functions.

WAF Protection Rules

WAF Rule

Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
