
[GHSA-45vw-wh46-2vx8] Twig: Arbitrary PHP code execution via _self.(<string>) macro-reference compilation #7805

Open
vladko312 wants to merge 1 commit into vladko312/advisory-improvement-7805 from vladko312-GHSA-45vw-wh46-2vx8


@vladko312

Updates

  • References

Comments
Added a link to the exploitation payloads (SSTImap module)

@github
Collaborator

github commented May 22, 2026

Hi there @nicolas-grekas! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

@github-actions github-actions Bot changed the base branch from main to vladko312/advisory-improvement-7805 May 22, 2026 18:09
@nicolas-grekas

Is that a common practice to link these? There are many other repos with collections of exploits. Won't this be advertising/helping adversary parties?

@vladko312
Author

> Is that a common practice to link these? There are many other repos with collections of exploits. Won't this be advertising/helping adversary parties?

It is common to add at least one source containing an open-source exploit, a payload or a technical analysis (if they exist), as it helps security teams to model / research the vulnerability and assess the impact or mitigations. This greatly benefits the defenders, while adversaries are expected to find the exploit either way. Also, offensive security experts often learn from public payloads, which can help them detect and report similar vulnerabilities.

This is usually not considered advertisement, as creating payloads requires some research. It is also common for the original discoverer of the vulnerability to publish such a payload alongside a technical overview in coordination with a vendor.

In this case, the payload requires some unusual gadgets to obtain code execution, so it would be beneficial for the information security community. This would also help differentiate the complexity of this vulnerability from CVE-2026-46633, for which I was unable to obtain execution of the injected code due to tighter restrictions regarding fatal error bypass.
