The vulnerable code is located in /includes/classes/class.ad
The function sortableTableInit() passes S_COOKIE data to unserialize function without sanitizing it.
Code on Line 711
$sortdata = (isset( $_COOKIE["sortdata"] ) ? $_COOKIE["sortdata"] : "");
$sortdata = unserialize( base64_decode( $sortdata ) );
User input passed through the Cookies is not properly sanitized before being used in
an unserialize() call at line 711. This can be exploited to inject arbitrary PHP objects into the
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.Get Access
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
When asked, what has been your best career decision?
Deciding to stick with EE.
Being involved with EE helped me to grow personally and professionally.
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Connect with Certified Experts to gain insight and support on specific technology challenges including: