exploitDog

CVE-2023-6049

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog

Ссылки

https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:estatik:estatik:*:*:*:*:*:wordpress:*:*

Версия до 4.1.1 (исключая)

EPSS

Процентиль: 77%

0.01069

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-5fvv-qqh5-frx3

CVSS3: 9.8

github

около 2 лет назад

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog

EPSS

Процентиль: 77%

0.01069

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502