exploitDog

CVE-2022-2903

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

Ссылки

https://wpscan.com/vulnerability/255b98ba-5da9-4424-a7e9-c438d8905864
Exploit
Patch
Third Party Advisory
https://wpscan.com/vulnerability/255b98ba-5da9-4424-a7e9-c438d8905864
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*

Версия до 3.6.13 (исключая)

EPSS

Процентиль: 73%

0.00783

Низкий

7.2 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-h596-wmq7-7vpq

CVSS3: 7.2

github

больше 3 лет назад

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

EPSS

Процентиль: 73%

0.00783

Низкий

7.2 High

CVSS3

Дефекты

CWE-502