exploitDog

CVE-2022-4120

Опубликовано: 26 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain

Ссылки

https://wpscan.com/vulnerability/e8bb79db-ef77-43be-b449-4c4b5310eedf
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e8bb79db-ef77-43be-b449-4c4b5310eedf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trumani:stop_spammers:*:*:*:*:*:wordpress:*:*

Версия до 2022.6 (исключая)

EPSS

Процентиль: 92%

0.07685

Низкий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-7x93-m29h-6j9q

CVSS3: 9.8

github

около 3 лет назад

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain

EPSS

Процентиль: 92%

0.07685

Низкий

9.8 Critical

CVSS3

Дефекты