Vulnerability-Lookup

CNVD-2023-97695

Vulnerability from cnvd - Published: 2023-12-15

Title

PHPEMS反序列化漏洞

Description

PHPEMS是一个PHP在线模拟考试系统。 PHPEMS存在反序列化漏洞，该漏洞源于lib/session.cls.php在接收用户提交的序列化数据的不安全反序列化处理，攻击者可利用该漏洞导致代码执行。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://vuldb.com/?id.247357

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-6654

Impacted products

Name
['PHPEMS PHPEMS 7.0', 'PHPEMS PHPEMS 6.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-6654",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-6654"
    }
  },
  "description": "PHPEMS\u662f\u4e00\u4e2aPHP\u5728\u7ebf\u6a21\u62df\u8003\u8bd5\u7cfb\u7edf\u3002\n\nPHPEMS\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8elib/session.cls.php\u5728\u63a5\u6536\u7528\u6237\u63d0\u4ea4\u7684\u5e8f\u5217\u5316\u6570\u636e\u7684\u4e0d\u5b89\u5168\u53cd\u5e8f\u5217\u5316\u5904\u7406\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://vuldb.com/?id.247357",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-97695",
  "openTime": "2023-12-15",
  "products": {
    "product": [
      "PHPEMS PHPEMS 7.0",
      "PHPEMS PHPEMS 6.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-6654",
  "serverity": "\u4e2d",
  "submitTime": "2023-12-13",
  "title": "PHPEMS\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e"
}

CVE-2023-6654 (GCVE-0-2023-6654)

Vulnerability from cvelistv5 – Published: 2023-12-10 15:00 – Updated: 2024-08-28 15:18

Title

PHPEMS Session Data session.cls.php deserialization

Summary

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-502 - Deserialization

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.247357	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.247357	signaturepermissions-required
	https://note.zhaoj.in/share/jw4Hp9cq7T69	broken-linkexploit

Impacted products

	Vendor	Product	Version
	n/a	PHPEMS	Affected: 6.x Affected: 7.x Affected: 8.x Affected: 9.0

Credits

glzjin (VulDB User) glzjin (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.247357"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.247357"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://note.zhaoj.in/share/jw4Hp9cq7T69"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:phpems:phpems:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "phpems",
            "vendor": "phpems",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              },
              {
                "status": "affected",
                "version": "9.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T15:16:17.964371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T15:18:27.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Session Data Handler"
          ],
          "product": "PHPEMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.x"
            },
            {
              "status": "affected",
              "version": "7.x"
            },
            {
              "status": "affected",
              "version": "8.x"
            },
            {
              "status": "affected",
              "version": "9.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "glzjin (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "glzjin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In PHPEMS 6.x/7.x/8.x/9.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung in der Bibliothek lib/session.cls.php der Komponente Session Data Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T07:26:05.925Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.247357"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.247357"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://note.zhaoj.in/share/jw4Hp9cq7T69"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-09T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-12-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-01-11T16:41:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "PHPEMS Session Data session.cls.php deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-6654",
    "datePublished": "2023-12-10T15:00:05.030Z",
    "dateReserved": "2023-12-09T20:39:55.056Z",
    "dateUpdated": "2024-08-28T15:18:27.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-97695

CVE-2023-6654 (GCVE-0-2023-6654)

Tags

Sightings

Nomenclature