Description
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Mailing List, Third Party Advisory
- Patch, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.1.1 (exclusive)
cpe:2.3:a:splashing_images_project:splashing_images:*:*:*:*:*:wordpress:*:*
EPSS: 0.05847 (Low), percentile: 90%
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-1321
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.