Using WordPress for your website? Your site could be at risk.
The risk of unserializing attacker-controlled data in PHP has been well known since Stefan Esser first presented the issue in detail in 2009. This topic is closely associated with similar vulnerabilities in other languages (see CWE-502 and CWE-915). Recent years have also seen several vulnerabilities in the native code implementing unserialization (CVE-2017-12934, CVE-2017-12933, CVE-2017-12932 et al.), further demonstrating the risk of exposing unserialization to attacker-controlled data.
This paper will present a novel attack technique specific to PHP which can cause unserialization to occur in a variety of exploitation scenarios. The technique can be used when an XXE vulnerability is present, in circumstances that would typically be considered an SSRF vulnerability, and in a number of other scenarios where the vulnerability would previously have been considered only an information disclosure issue.
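To make the underlying risk concrete, the following is an added example (not code from the paper or any project it describes) showing why unserialize() on attacker-controlled bytes is dangerous and what the minimal hardening looks like. The class name, its side effect and the serialized payload are constructed for illustration.

```php
<?php
// Added example: attacker-controlled bytes reaching unserialize().
// Class, side effect and payload are constructed, not taken from the paper.

// A class that exists in the application and does something side-effectful in a
// magic method. Any such class reachable by the autoloader becomes a candidate
// "gadget" once attacker bytes reach unserialize().
class TempFileCleaner {
    public $path;
    public function __destruct() {
        // In a real app this might unlink(), write a log, or render a template.
        echo "[__destruct] would remove: {$this->path}\n";
    }
}

// Serialized form an attacker can craft by hand (constructed sample).
$payload = 'O:15:"TempFileCleaner":1:{s:4:"path";s:16:"/etc/some/config";}';

// Vulnerable pattern: class names inside the payload decide which objects are
// built, so magic methods of arbitrary loaded classes run on attacker input.
function vulnerableLoad(string $data) {
    return unserialize($data); // instantiates TempFileCleaner; __destruct fires
}

// Hardened pattern (PHP >= 7.0): refuse to instantiate any class. Objects come
// back as __PHP_Incomplete_Class, whose magic methods are never invoked.
function hardenedLoad(string $data) {
    return unserialize($data, ['allowed_classes' => false]);
}

// Preferable for new code: a data format that cannot instantiate objects at all.
function safestLoad(string $json) {
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

echo "vulnerable:\n";
vulnerableLoad($payload);                      // prints the __destruct line
echo "hardened:\n";
echo get_class(hardenedLoad($payload)), "\n";  // __PHP_Incomplete_Class
echo "safest:\n";
print_r(safestLoad('{"path":"/tmp/x"}'));      // plain array, no class involved
```

The hardened variant only removes object instantiation; an application that still lets attacker input select which serialized document is loaded should be reviewed for the indirect paths to unserialize() that the paper describes.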