### Key Information #### Vulnerability Description - **Vulnerability Type**: Unserialize untrusted data when importing skins - **Affected Versions**: 1.10, 15.04, 15.10, master - **Platform**: Any platform - **Critical Code Location**: Line 200 in htdocs/skin/import.php - **Error Message**: ``` Object of class __PHP_Incomplete_Class could not be converted to string ``` - **CVE ID**: 2017-1000148 #### Fix Status - **Status**: Fix Released - **Priority**: Critical - **Fixed Versions**: - 16.10.0 - 15.04.8 - 15.10.4 一 16.04.2 #### Fix Process - **Contributors**: Son Nguyen, Robert Lyon - **Code Commits**: - 16.04_STABLE branch: [commit 1f299954f3ffbc26c69e27f000daf8f0e97de457](https://git.mahara.org/mahara/mahara/commit/1f299954f3ffbc26c69e27f000daf8f0e97de457) - 16.04_STABLE branch: [commit 9d7701e80b24bdbaccb77ae7730ae9c504d1143b](https://git.mahara.org/mahara/mahara/commit/9d7701e80b24bdbaccb77ae7730ae9c504d1143b) - 16.04_STABLE branch: [commit 3f9514bd6aa9b70457a404cd1b9aa502c261aee](https://git.mahara.org/mahara/mahara/commit/3f9514bd6aa9b70457a404cd1b9aa502c261aee) #### Additional Information - **Vulnerability Tracking**: - [reviews.mahara.org/#/c/5579](https://reviews.mahara.org/#/c/5579) - [reviews.mahara.org/677](https://reviews.mahara.org/677) - [reviews.mahara.org/6679](https://reviews.mahara.org/6679) - [reviews.mahara.org/6678](https://reviews.mahara.org/6678)