{"id":32549,"date":"2025-12-23T11:54:38","date_gmt":"2025-12-23T11:54:38","guid":{"rendered":"http:\/\/localhost\/?p=32549"},"modified":"2025-12-23T11:54:38","modified_gmt":"2025-12-23T11:54:38","slug":"pkp-wal-350-1-basecolour-less-code-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=32549","title":{"rendered":"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267"},"content":{"rendered":"

{“lastseen”:”2025-12-23T17:14:31″,”description”:”PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability…”,”published”:”2025-12-23T00:00:00″,”modified”:”2025-12-23T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213267″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-67893″],”sourceData”:”—————————————————————–\\n PKP-WAL \\u003c= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability\\n —————————————————————–\\n \\n \\n [-] Software Links:\\n \\n https:\/\/pkp.sfu.ca\\n https:\/\/github.com\/pkp\/pkp-lib\\n \\n \\n [-] Affected Versions:\\n \\n PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9\\n and prior versions, and version 3.5.0-1 and prior versions, as used in\\n Open Journal Systems (OJS), Open Monograph Press (OMP), and Open\\n Preprint Systems (OPS).\\n \\n \\n [-] Vulnerability Description:\\n \\n The vulnerability exists within the PKPTemplateManager::compileLess()\\n method. This will call the Less_Parser::parse() method by using the\\n \\”addLessVariables\\”, which can be manipulated when updating \\”Theme\\n Settings\\”. Specifically, user input passed through the \\”baseColour\\”\\n parameter to the …\/api\/v1\/contexts\/1\/theme API endpoint is not\\n properly sanitized before being added to the \\”addLessVariables\\”, and\\n this can be exploited to perform LESS Code Injection attacks,\\n subsequently leading to SSRF or Local File Read attacks.\\n \\n Successful exploitation of this vulnerability requires an account with\\n permissions to access the …\/api\/v1\/institutions API endpoint, such\\n as a \\”Journal Editor\\” or \\”Production Editor\\” user account on OJS.\\n \\n \\n [-] Solution:\\n \\n Upgrade to versions 3.4.0-10, 3.5.0-2, or later.\\n \\n \\n [-] Disclosure Timeline:\\n \\n [21\/10\/2025] – Vendor notified\\n [24\/10\/2025] – Vendor fixed the issue and opened a public GitHub\\n issue: https:\/\/github.com\/pkp\/pkp-lib\/issues\/11974\\n [12\/11\/2025] – CVE identifier requested\\n [20\/11\/2025] – Version 3.3.0-22 released\\n [22\/11\/2025] – Version 3.4.0-10 released\\n [12\/12\/2025] – CVE identifier assigned\\n [29\/11\/2025] – Version 3.5.0-2 released\\n [23\/12\/2025] – Publication of this advisory\\n \\n \\n [-] CVE Reference:\\n \\n The Common Vulnerabilities and Exposures program (cve.org) has\\n assigned the name CVE-2025-67893 to this vulnerability.\\n \\n \\n [-] Credits:\\n \\n Vulnerability discovered by Egidio Romano.\\n \\n \\n [-] Original Advisory:\\n \\n http:\/\/karmainsecurity.com\/KIS-2025-12″,”sourceHref”:”https:\/\/packetstorm.news\/download\/213267″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/213267\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-23T17:14:31″,”description”:”PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability…”,”published”:”2025-12-23T00:00:00″,”modified”:”2025-12-23T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213267″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-67893″],”sourceData”:”—————————————————————–\\n PKP-WAL \\u003c= 3.5.0-1 (baseColour) LESS…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-32549","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=32549\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-23T17:14:31″,”description”:”PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability…”,”published”:”2025-12-23T00:00:00″,”modified”:”2025-12-23T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213267″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-67893″],”sourceData”:”—————————————————————–n PKP-WAL u003c= 3.5.0-1 (baseColour) LESS...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=32549\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-23T11:54:38+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267\",\"datePublished\":\"2025-12-23T11:54:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549\"},\"wordCount\":447,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=32549#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549\",\"name\":\"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-23T11:54:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=32549\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=32549#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=32549","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267 - zero redgem","og_description":"{“lastseen”:”2025-12-23T17:14:31″,”description”:”PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability…”,”published”:”2025-12-23T00:00:00″,”modified”:”2025-12-23T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213267″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-67893″],”sourceData”:”—————————————————————–n PKP-WAL u003c= 3.5.0-1 (baseColour) LESS...","og_url":"https:\/\/zero.redgem.net\/?p=32549","og_site_name":"zero redgem","article_published_time":"2025-12-23T11:54:38+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=32549#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=32549"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267","datePublished":"2025-12-23T11:54:38+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=32549"},"wordCount":447,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=32549#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=32549","url":"https:\/\/zero.redgem.net\/?p=32549","name":"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-23T11:54:38+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=32549#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=32549"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=32549#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 PKP-WAL 3.5.0-1 baseColour LESS Code Injection_PACKETSTORM:213267"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/32549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=32549"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/32549\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=32549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=32549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=32549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}