
Potential High Importance - Cerebrate crash, locked out on the error code, possibly affecting other users #152

Open
skiddie0057 opened this issue May 9, 2023 · 1 comment

skiddie0057 commented May 9, 2023

Dear Cerebrate team

As I was testing Cerebrate, I noticed that the application drops a 500 (internal server error) status code when editing bookmark info, so I went poking around.

All I had to do is set my ui.bookmarks value to [][] and it crashed the whole service and I cannot log back in. I assume this isn't the case for other users? In case it is, this is important to fix as soon as possible.

Here is the description of the bug:
When editing my bookmark value through Burp Suite (modifying the request) – putting the value from [] (which seems to be default) to [][] causes an error that cannot be bypassed by logging back in.

------WebKitFormBoundary95s3y2rpKQ9XevLE
Content-Disposition: form-data; name="user_id"

87 -> my user ID, there is an issue here too, by default the user id is 0 or 1 meaning the wrong user id, I changed this to myself manually and it fixed the problems with modification issues (another thing you should fix, it should be an easy fix). However, then this issue happened, below
------WebKitFormBoundary95s3y2rpKQ9XevLE
Content-Disposition: form-data; name="name"

ui.bookmarks
------WebKitFormBoundary95s3y2rpKQ9XevLE
Content-Disposition: form-data; name="value"

[][] -> causes the crash `array_map(): Argument #2 ($array) must be of type array, null given`
Fix? Easy. Just change it back to [] or whatever default value is, it should be []


Please set the value of my bookmark to a default one to fix the issue. If the issue affected other users too - this should be an urgent fix.

Kindest regards,

F.O.

@skiddie0057 skiddie0057 changed the title IMPORTANT - Causing a crash and unable to do anything Potential High Importance - Cerebrate crash, locked out on the error code, possibly affecting other users May 9, 2023
@iglocska
Member

Yeah, that definitely sounds like a bug, on multiple fronts:

  • the user ID passed should not be 0/1 obviously
  • we should gracefully handle invalid data in the bookmarks
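
An added example, not part of the thread and not Cerebrate's code: one way to cover both points above in PHP 8.1+. It assumes the `ui.bookmarks` value is stored as a JSON string and decoded before being passed to `array_map()`, which is what the reported error suggests; the function names and the bookmark shape (a list of objects) are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and the bookmark shape are assumptions.

/** Write path: accept the setting only if it is a JSON list of objects. */
function validateBookmarksValue(string $raw): bool
{
    $decoded = json_decode($raw, true);
    // Invalid JSON such as '[][]' decodes to null and is rejected here.
    if (!is_array($decoded) || !array_is_list($decoded)) {
        return false;
    }
    foreach ($decoded as $entry) {
        if (!is_array($entry)) {
            return false;
        }
    }
    return true;
}

/** Read path: never hand null to array_map(), even if bad data is already stored. */
function loadBookmarks(?string $stored): array
{
    $decoded = json_decode($stored ?? '[]', true);
    if (!is_array($decoded)) {
        return []; // fall back to the default instead of a 500 on every page load
    }
    return array_values(array_filter($decoded, 'is_array'));
}

/** Owner of the setting comes from the authenticated session, not the form field. */
function resolveOwnerId(int $sessionUserId, array $formData): int
{
    // $formData['user_id'] is deliberately ignored: a client-supplied ID
    // (including a wrong default of 0 or 1) must not select whose setting is written.
    return $sessionUserId;
}

// Constructed sample values
var_dump(validateBookmarksValue('[]'));
var_dump(validateBookmarksValue('[][]'));
$names = array_map(
    fn(array $b): string => (string)($b['name'] ?? ''),
    loadBookmarks('[][]') // previously stored bad value no longer crashes the map
);
var_dump($names);
var_dump(resolveOwnerId(87, ['user_id' => '1']));
```

Validating on write alone would not help an account whose stored value is already malformed, which is why the read path also falls back to an empty list.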
