Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30211
HistoryJan 09, 2014 - 12:00 a.m.

LiveZilla 5.1.2.0 PHP Object Injection

2014-01-0900:00:00
vulners.com
26
JSON

Author: Jakub Zoczek [[email protected]]
CVE Reference: CVE-2013-7034
Product: LiveZilla
Vendor: LiveZilla GmbH [http://livezilla.net]
Affected version: 5.1.2.0
Severity: Medium
CVSSv2 Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Status: Fixed

0x01 Background

LiveZilla, the widely-used and trusted Live Help and Live Support System.

0x02 Description

LiveZilla in version 5.1.2.0 is prone to remote PHP Object Injection. Attacker is able to inject existing class instances using user-controled livezilla cookie which is simply base64 encoded, serialized php object. This may end with unspecified behavior of application, depends on context.

Vulnerable file: _lib/functions.global.inc.php , function: setCookieValue()

0x03 Proof of Concept

Won't provide.

0x04 Fix

Vulnerability was fixed in LiveZilla 5.1.2.1 version.

0x05 Timeline

08.12.2013 - Vendor notified
09.12.2013 - Vendor responded with informations about planned release
10.12.2013 - Version 5.1.2.1 released
15.12.2013 - Public Disclosure

Related

openvas 1
cve 1
prion 1
nessus 1
securityvulns 1
openvas
openvas
LiveZilla PHP Object Injection Vulnerability
2014-05-21 00:00:00
cve
cve
CVE-2013-7034
2014-05-05 17:06:00
prion
prion
Code injection
2014-05-05 17:06:00
nessus
nessus
LiveZilla < 5.1.2.1 Multiple Vulnerabilities
2013-12-18 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-01-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:30211
openvas1cve1prion1nessus1securityvulns1