patchstack | LVT-tholv2k | PATCHSTACK:4712DEFD5C7DC576F43C284A5BEB5810
Oct 09, 2024 - 12:00 a.m.

WordPress Disc Golf Manager Plugin <= 1.0.0 is vulnerable to PHP Object Injection

patchstack.com

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.8
Confidence: High

EPSS: 0
Percentile: 9.7%

Software: Disc Golf Manager
Type: Plugin
Vulnerable versions: <= 1.0.0
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: PHP Object Injection
CVE: CVE-2024-48026
Patch priority: High
CVSS severity: High (9.8)


PSID: ad0f79b4fc3a
Credits: LVT-tholv2k
Required privilege: Unauthenticated
Published: 9 October, 2024

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners
Node: - disc_golf_manager, Range 1.0.0

Vendor: -
Product: disc_golf_manager
Version: *
CPE: cpe:2.3:a:-:disc_golf_manager:*:*:*:*:*:*:*:*
