Mirhossein Rahmani

Hi! Thank you @1nhann @GlitchWitch for sharing this, This is a guzzle POP chain (file write) and has been public for years. For example: https://github.com/ambionics/phpggc/commit/911dbb541233de733134caed872f4cc9fc9efd71#diff-440f971a668a7be90201d1ee799993d495af0eb2673c7fde1b58918bcf019fa4 in 2017. In any software...

It seems the NVD has assigned a **critical** severity to this POP chain (5/24/2022). CVSS3.1: 9.8/10 [link](https://nvd.nist.gov/vuln/detail/CVE-2022-30779) Also, it's NOT the first time that MITRE assigns a CVE for a...

@darakian Thank you!

> Hello !, Is this vulnerability fixed yet and does it only concern the 9.1.8 laravel version ? Hello @arijgr, This isn't a vulnerability, just a GC. If you don't...

Hello, Finally, I decided to contact MITRE about this issue on Monday. Also, I found similar issues: CVE-2021-43503 GitHub Reviewed :-| CVE-2022-34943 CVE-2021-37298 + CVE-2022-31279 GitHub Reviewed :-| CVE-2022-30779 CVE-2022-30778...

> NVD issues CVE or MITRE ? :-/ MITRE.

> Hello, > > Finally, I decided to contact MITRE about this issue on Monday. > > Also, I found similar issues: [CVE-2021-43503](https://github.com/advisories/GHSA-86r3-4gq8-xw8q) GitHub Reviewed :-| [CVE-2022-34943](https://github.com/advisories/GHSA-vqg9-2p7h-mvpq) [CVE-2021-37298](https://github.com/advisories/GHSA-6v7r-rprm-9cxf) + [CVE-2022-31279](https://github.com/advisories/GHSA-vv7q-mfpc-qgm5)...

Hello, Dear @1nhann, When I was investigating POP-related CVEs, I found out almost all of them were requested by our Chinese friends and it has started in 2019. Would you...

@1nhann Thank you for sharing this POP chain, Similar to [Laravel/RCE1](https://github.com/ambionics/phpggc/blob/master/gadgetchains/Laravel/RCE/1/gadgets.php) but your trick (`__wakeup` bypass) is very good. 👍

Hello @jwjenkin, All POP chains are security issues if we pass untrusted user input to the `unserialize` function. For PHP