The unserialize() function is used multiple times in the code, for example when importing custom surveys. This could allow a malicious administrator to import a crafted JSON file and trigger a PHP Object Injection vulnerability.
{
  "name":"Open Text Answer Sample",
  "id":"924478511",
  "options":"[]",
  "global":"0",
  "start_time":"0000-00-00 00:00:00",
  "expiry_time":"0000-00-00 00:00:00",
  "export_time":"2020-12-21 01:08",
  "questions":{
    "1":{
      "name":"How fast is our support? [-]",
      "count":0,
      "qoptions":"O:21:\"Object_Injection_func\":0:{}",
      "1":{
        "answer":"Very slow [Speed]",
        "count":"0",
        "aoptions":"O:21:\"Object_Injection_func\":0:{}",
        "percentage":"0",
        "uniqueid":"2646920000000"
      }
    }
  }
}
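One way an import routine could vet the `qoptions` and `aoptions` fields before using them, shown as an added example that is not the plugin's own code. The function names are hypothetical, the sample import is constructed, and the `allowed_classes` option requires PHP 7.0 or later.

```php
<?php
// Added example; not the plugin's code. Function names are hypothetical.

// True if $value is, or contains, an object of any kind.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Decode one serialized options field without instantiating any class.
// Returns the decoded array, or null when the field must be rejected.
function safe_decode_options(string $raw): ?array
{
    // allowed_classes => false maps every serialized object to
    // __PHP_Incomplete_Class, so no __wakeup()/__destruct() code runs.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return (is_array($value) && !contains_object($value)) ? $value : null;
}

// Collect the path of every qoptions/aoptions field that fails the check.
function find_rejected_fields(array $node, string $path = ''): array
{
    $bad = [];
    foreach ($node as $key => $value) {
        $here = $path . '/' . $key;
        if (is_array($value)) {
            $bad = array_merge($bad, find_rejected_fields($value, $here));
        } elseif (in_array($key, ['qoptions', 'aoptions'], true) && is_string($value)
            && safe_decode_options($value) === null) {
            $bad[] = $here;
        }
    }
    return $bad;
}

// Constructed sample import: one benign field, one carrying a serialized object.
$json = '{"questions":{"1":{"qoptions":"a:0:{}","1":{"aoptions":"O:21:\"Object_Injection_func\":0:{}"}}}}';
print_r(find_rejected_fields(json_decode($json, true)));
```

An import should be refused when the returned list is non-empty. Storing these fields as JSON instead of PHP-serialized strings removes the unserialize() call from the import path altogether.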
Pagely
John Castro
Yes
2021-01-08 (about 2 years ago)
2021-01-08 (about 2 years ago)
2021-01-10 (about 2 years ago)