Impact
Remote code execution if the application calls unserialize() on user input containing a specially crafted string.
Patches
2.0.38
Workarounds
Add the following to BatchQueryResult.php:
    public function __sleep()
    {
        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
    }

    public function __wakeup()
    {
        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
    }
For more information
If you have any questions or comments about this advisory, contact us through the security form.
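A check that the workaround's guard is in effect, as an added example that is not part of the advisory or of the project's code. The classes PlainResult and GuardedResult and both helper functions are hypothetical stand-ins; GuardedResult carries the two methods from the workaround, and the serialized input is constructed.

```php
<?php
// Added example: stand-in classes, not Yii code. GuardedResult carries the
// two methods from the workaround; PlainResult has no guard.
class PlainResult {}

class GuardedResult
{
    public function __sleep()
    {
        throw new \BadMethodCallException('Cannot serialize ' . __CLASS__);
    }

    public function __wakeup()
    {
        throw new \BadMethodCallException('Cannot unserialize ' . __CLASS__);
    }
}

// True when unserialize() refuses to produce an instance of $class.
function rejectsUnserialize(string $class): bool
{
    // Constructed input: a serialized object of $class with no properties.
    $payload = sprintf('O:%d:"%s":0:{}', strlen($class), $class);
    try {
        unserialize($payload);
    } catch (\BadMethodCallException $e) {
        return true;
    }
    return false;
}

// True when serialize() refuses to emit the given instance.
function rejectsSerialize(object $instance): bool
{
    try {
        serialize($instance);
    } catch (\BadMethodCallException $e) {
        return true;
    }
    return false;
}

foreach ([PlainResult::class, GuardedResult::class] as $class) {
    printf("%-14s serialize blocked: %s, unserialize blocked: %s\n", $class,
        var_export(rejectsSerialize(new $class()), true),
        var_export(rejectsUnserialize($class), true));
}
```

With the framework's autoloader loaded, passing the name of the class defined in BatchQueryResult.php to rejectsUnserialize() shows whether an installation has the guard.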