GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]

Posted by Taoguang Chen on Jan 22

#GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE
Vulnerability]

Taoguang Chen <[@chtg57](https://twitter.com/chtg57)> – Write Date:
2015.4.28 – Release Date: 2017.1.20

Affected Versions
————
Affected is PHP 5.6 < 5.6.30

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————
gmp.c
“`
static int gmp_unserialize(zval **object, zend_class_entry *ce, const
unsigned…

007 Software