From this webpage screenshot, the following key information about the vulnerability can be extracted:

- **Title**: phpwcms 1.10.8 phar deserialization vulnerability
- **Description**:
  - The phpwcms content management system contains a PHP object injection vulnerability in the feedimport module, triggered by deserializing untrusted input.
  - Attackers can exploit this by supplying a malicious PHAR URL via the `cat_text` parameter, which causes PHP's `phar://` stream wrapper to deserialize the archive's metadata.
  - The vulnerability allows attackers to inject PHP objects using directory traversal patterns (e.g., `../../../`) in the supplied path.
  - No POP (Property-Oriented Programming) gadget chain has been identified within the application itself, so the impact is limited unless other installed components provide usable gadgets.
  - If a POP chain becomes available through additional components, attackers may be able to delete files, read sensitive information, or execute arbitrary code, depending on the gadgets present.
  - The attack requires a valid CSRF token to be included in the request.
- **Source**: [https://github.com/zer0n3/reports/blob/main/phpwcms/phar%20vulnerability/%20in%20phpwcms.md](https://github.com/zer0n3/reports/blob/main/phpwcms/phar%20vulnerability/%20in%20phpwcms.md)
- **Submitter**: Cam0 (UID:55595)
- **Submission Date**: July 25, 2020, 16:33 AM
- **Review Date**: July 27, 2020, 14:44 AM
- **Status**: Reviewed
- **VulDB Entry**: stapleware phpwcms up to 1.9.85/1.10.0 FeedImport Module processing in php cat_text deserialization
- **Points**: 20
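The root cause described above is a user-controlled string reaching a PHP file function, where the `phar://` wrapper deserializes archive metadata as a side effect. The following is an added example, not code from phpwcms or from the linked report, showing how a feed-URL parameter such as `cat_text` can be validated before it reaches any filesystem or stream call. The function names `validateFeedUrl()` and `fetchFeed()`, and the sample inputs, are assumptions constructed for illustration.

```php
<?php
// Added example (not phpwcms code): accept only absolute http(s) URLs for a feed
// source, reject traversal sequences, and fetch with cURL restricted to HTTP(S) so
// that a wrapper-prefixed string (phar://, file://, ...) never reaches the
// filesystem layer where phar metadata deserialization would be triggered.

function validateFeedUrl(string $candidate): ?string
{
    $candidate = trim($candidate);
    $parts = parse_url($candidate);
    // Require a parseable absolute URL with both scheme and host.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allow-list the scheme; this rejects phar://, file://, data:, glob:// etc.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Reject "../" style traversal anywhere in the raw value (defence in depth).
    if (preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $candidate)) {
        return null;
    }
    return $candidate;
}

function fetchFeed(string $url): string|false
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        // Pin the protocols cURL may use, for the initial request and any redirects.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Optional hardening for applications that never need phar archives at runtime:
// unregistering the wrapper removes the deserialization trigger entirely.
stream_wrapper_unregister('phar');

// Constructed sample inputs (not real submissions) to show the validator's decisions.
$samples = [
    'https://example.com/feed.xml',          // accepted
    'phar://../../../uploads/avatar.jpg',    // rejected: scheme not allowed
    '../../../etc/passwd',                   // rejected: no scheme, traversal
    'HTTP://example.com/rss',                // accepted: scheme compared case-insensitively
];
foreach ($samples as $input) {
    $ok = validateFeedUrl($input);
    printf("%-40s => %s\n", $input, $ok === null ? 'REJECTED' : 'accepted');
}

// In the request handler, the validated value is the only thing passed on:
// $url = validateFeedUrl($_POST['cat_text'] ?? '');
// if ($url !== null) { $xml = fetchFeed($url); }
```

The key design point is that validation happens on the raw string before any call that PHP routes through stream wrappers (`file_exists()`, `file_get_contents()`, `is_file()`, `copy()`, and similar), since it is those calls, not `unserialize()`, that trigger phar metadata deserialization. Fetching through cURL with `CURLOPT_PROTOCOLS` pinned is an independent second layer: even if a wrapper-prefixed string slipped past validation, cURL does not understand PHP stream wrappers and will simply fail. Unregistering the `phar` wrapper is appropriate only where the application and its dependencies do not load `.phar` archives at runtime.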