
CVE-2020-12469: Subrion CMS PHP Object Injection

CVSS 3.1 Score
6.5

Basic Information

EPSS Score
0.36973%
Published
5/24/2022
Updated
4/25/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package Name         Ecosystem   Vulnerable Versions   First Patched Version
intelliants/subrion  composer    <= 4.2.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from improper deserialization of user-controlled input in the 'subpages' parameter. The exploit requires sending serialized data to the blocks/edit endpoint, where it is passed to unserialize() in admin/blocks.php. This matches the PHP object injection pattern in which unserialize() is called on untrusted data (CWE-502). The proof-of-concept demonstrates that direct manipulation of the serialized data leads to file deletion, confirming the insecure use of unserialize().
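To make the CWE-502 pattern concrete from a defender's side, the following is an added illustration, not Subrion's code: a minimal handler that deserializes a "subpages" form field the unsafe way, the same handler hardened so that no class can be instantiated from the request, and a detection heuristic of the kind a WAF or log rule would apply. The function names, the `$_POST` key and the sample payloads are assumptions constructed for this example.

```php
<?php
// Added example (not Subrion's code). Function names and samples are assumptions.

// Constructed sample of a legitimate submission: a serialized array of slugs.
$SAMPLE_OK = serialize(['home', 'about', 'contact']);
// Constructed sample carrying an object. With a bare unserialize(), any class
// whose __wakeup()/__destruct() has side effects would be instantiated here.
$SAMPLE_OBJECT = 'O:8:"stdClass":1:{s:4:"path";s:9:"/tmp/file";}';

// Vulnerable pattern: request data reaches unserialize() with default options,
// so the sender decides which classes get instantiated (CWE-502).
function save_block_subpages_vulnerable(string $raw): array
{
    $subpages = unserialize($raw);
    return is_array($subpages) ? $subpages : [];
}

// Hardened: allowed_classes => false turns every object into
// __PHP_Incomplete_Class (no constructor/destructor runs), and the result is
// validated against the only shape the feature needs: a list of slugs.
function save_block_subpages_hardened(string $raw): array
{
    $subpages = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($subpages)) {
        throw new InvalidArgumentException('subpages must be a serialized array');
    }
    foreach ($subpages as $page) {
        // Objects fail is_string(); anything that is not a plain slug is rejected.
        if (!is_string($page) || !preg_match('/^[a-z0-9_-]{1,64}$/i', $page)) {
            throw new InvalidArgumentException('invalid subpage entry');
        }
    }
    return $subpages;
}

// Detection heuristic for a WAF or log rule: PHP serialized objects appear as
// O:<len>:"ClassName" (or C:<len>:" for Serializable classes), which a
// serialized array of strings never contains.
function contains_serialized_object(string $raw): bool
{
    return (bool) preg_match('/(^|[;{])[OC]:\d+:"/', $raw);
}

// Usage with the constructed samples.
var_dump(contains_serialized_object($SAMPLE_OK));      // bool(false)
var_dump(contains_serialized_object($SAMPLE_OBJECT));  // bool(true)
print_r(save_block_subpages_hardened($SAMPLE_OK));     // the three slugs
try {
    save_block_subpages_hardened($SAMPLE_OBJECT);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

The stronger fix is to stop using PHP's native serialization for request data altogether and carry the list as JSON (`json_decode($raw, true)`), since JSON cannot express objects of arbitrary classes; `allowed_classes => false` is the minimal change when the wire format cannot be switched. The regex heuristic is for detection and triage only: it flags payloads worth inspecting, and the application-side validation is what actually removes the class of bug.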

WAF Protection Rules

WAF Rule

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
