exploitDog

CVE-2022-3417

Опубликовано: 09 янв. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.

Ссылки

https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bravenewcode:wptouch:*:*:*:*:*:wordpress:*:*

Версия до 4.3.45 (исключая)

EPSS

Процентиль: 71%

0.00691

Низкий

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-6rpp-h47m-wx9v

CVSS3: 8.8

github

около 3 лет назад

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.

EPSS

Процентиль: 71%

0.00691

Низкий

8.8 High

CVSS3

Дефекты