### 关键信息 #### 漏洞描述 - **漏洞类型**: Unserialize untrusted data when importing skins - **影响版本**: 1.10, 15.04, 15.10, master - **平台**: 任何平台 - **关键代码位置**: htdocs/skin/import.php 的第200行 - **错误信息**: ``` Object of class __PHP_Incomplete_Class could not be converted to string ``` - **CVE号**: 2017-1000148 #### 修复状态 - **状态**: Fix Released - **优先级**: Critical - **修复版本**: - 16.10.0 - 15.04.8 - 15.10.4 - 16.04.2 #### 修复过程 - **提交人**: Son Nguyen, Robert Lyon - **代码提交**: - 16.04_STABLE 分支: [commit 1f299954f3ffbc26c69e27f000daf8f0e97de457](https://git.mahara.org/mahara/mahara/commit/1f299954f3ffbc26c69e27f000daf8f0e97de457) - 16.04_STABLE 分支: [commit 9d7701e80b24bdbaccb77ae7730ae9c504d1143b](https://git.mahara.org/mahara/mahara/commit/9d7701e80b24bdbaccb77ae7730ae9c504d1143b) - 16.04_STABLE 分支: [commit 3f9514bd6aa9b70457a404cd1b9aa502c261aee](https://git.mahara.org/mahara/mahara/commit/3f9514bd6aa9b70457a404cd1b9aa502c261aee) #### 其他信息 - **漏洞跟踪**: - [reviews.mahara.org/#/c/5579](https://reviews.mahara.org/#/c/5579) - [reviews.mahara.org/677](https://reviews.mahara.org/677) - [reviews.mahara.org/6679](https://reviews.mahara.org/6679) - [reviews.mahara.org/6678](https://reviews.mahara.org/6678)