Discuz!ML v.3.X Code Injection Vulnerability

vot

Discuz!ML v.3.X Code Injection Vulnerability

The vulnerability was found: 2019-07-18
Common Vulnerabilities and Exposures (CVE) Database ID: CVE-2019-13956

Vulnerability Description:

Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().';
(if the random prefix 4gH4_0df5_ were used).

Vulnerability Status:

Was solved 2019-11-11 in Discuz!ML v.3.4 revision 922.

How to solve the problem:

Just upgrade your Discuz!ML to the latest  version and revision!

If you can not upgrade your installation, try to modify the code manually by yourself:

1) Open file "source/class/discuz/discuz_application.php" for edit.
2) find the lines:

1.         // set language from cookies
   
2.          if($this->var['cookie']['language']) {
   
3. <div>                 $lng = strtolower($this->var['cookie']['language']);</div>

Copy the Code

3) Add the code below:

1.                 if(!isset($this->var['config']['languages'][$lng])) {
   
2.                     $lng = '';
   
3.                 }
   

Copy the Code

4) Save the file!

5) Enjoy