exploitDog

CVE-2018-1000509

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.

Ссылки

https://advisories.dxw.com/advisories/unserialization-redirection/
Exploit
Third Party Advisory
https://advisories.dxw.com/advisories/unserialization-redirection/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redirection:redirection:2.7.1:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 74%

0.00846

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-f85q-26xg-xvqx

CVSS3: 7.2

github

больше 3 лет назад

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.

EPSS

Процентиль: 74%

0.00846

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502