CVE-2016-4825

Опубликовано: 25 июн. 2016

Источник: nvd

CVSS3: 5.6

CVSS2: 6.8

EPSS Низкий

Описание

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.

Ссылки

http://jvn.jp/en/jp/JVN47363774/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000115
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.welcart.com/community/archives/78977
Vendor Advisory
http://jvn.jp/en/jp/JVN47363774/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000115
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.welcart.com/community/archives/78977
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*

Версия до 1.8.3 (исключая)

EPSS

Процентиль: 93%

0.09545

Низкий

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-fx3h-5xv5-mvwq