Suspected security holes PHP exploits files?
FYI, the hosting company has flagged some of the theme files, please see the attached screenshot.
"Suspected security holes PHP exploits files".
For example, in class-mfn-builder-front.php they're saying: "Detected a risk level 5 of 5 threat".
Line #198
$mfn_items = unserialize(call_user_func('base'.'64_decode', $mfn_items));
Line #273
$refresh_content = unserialize( call_user_func('base'.'64_decode', $refresh_content) );
Line #768
$refresh_content = unserialize( call_user_func('base'.'64_decode', $refresh_content) );
Running Betheme v. 26.6.1.
Thanks
Comments
Hello,
Function unserialize is potentially unsafe if it is used for untrusted user input.
In that case, data are not put by a user, but they are generated by our builder, so they are completely safe.
Best regards