exploitDog

CVE-2020-36726

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:etoilewebdesign:ultimate_reviews:*:*:*:*:*:wordpress:*:*

Версия до 2.1.32 (включая)

EPSS

Процентиль: 73%

0.00765

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-p7jf-6m2v-3ffq

CVSS3: 9.8

github

больше 2 лет назад

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.

EPSS

Процентиль: 73%

0.00765

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502