Lucene search
K

48 matches found

wpexploit
wpexploit
added 2023/01/04 12:0 a.m.122 views

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS1.1AI score0.01046EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.643 views

Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in the plugin: class Evil public function wakeup : void...

7.2CVSS0.5AI score0.01046EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/22 12:0 a.m.169 views

Anti-Malware Security and Brute-Force Firewall < 4.21.86 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

0.6AI score
Exploits1
wpexploit
wpexploit
added 2022/12/16 12:0 a.m.127 views

Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil public...

8.8CVSS0.3AI score0.00922EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/08 12:0 a.m.448 views

White Label CMS < 2.5 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.2AI score0.17686EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.200 views

Smart Slider 3 < 3.5.1.11 - PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. To simulate a gadget chain, put the following code in a plugin class Evil public...

8.8CVSS0.4AI score0.01903EPSS
Exploits3
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.599 views

Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following co...

7.2CVSS0.4AI score0.01126EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/05 12:0 a.m.505 views

LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...

8.1CVSS0.6AI score0.01786EPSS
Exploits2
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.479 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.2AI score0.0115EPSS
Exploits2
wpexploit
wpexploit
added 2022/09/05 12:0 a.m.485 views

NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.3AI score0.01091EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/08/31 12:0 a.m.31 views

Debian dla-3090 : php-horde-turba - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3090 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/...

8CVSS8AI score0.70276EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/08/03 12:0 a.m.21 views

Horde Groupware Webmail <= 5.2.22 RCE Vulnerability (May 2022)

Horde Groupware Webmail is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8CVSS8AI score0.70276EPSS
Exploits1References1
OSV
OSV
added 2022/07/28 10:15 p.m.3 views

UBUNTU-CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8CVSS5.9AI score0.70276EPSS
Exploits1References3
Prion
Prion
added 2022/07/28 10:15 p.m.19 views

Design/Logic Flaw

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

6CVSS8AI score0.70276EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2022/07/28 9:8 p.m.19 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8.2AI score0.70276EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/07/28 9:8 p.m.70 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8CVSS8.1AI score0.70276EPSS
Exploits1
NVD
NVD
added 2022/06/01 10:15 a.m.25 views

CVE-2022-29875

A vulnerability has been identified in Biograph Horizon PET/CT Systems All VJ30 versions VJ30C-UD01, MAGNETOM Family NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A, MAMMOMAT Revelation All VC20 versions VC20D, NAEOTOM Alpha All VA40 versions VA40 SP2, SOMATOM X.cite All versions VA30 SP5 or...

9.8CVSS0.01627EPSS
Exploits0References1
Prion
Prion
added 2022/06/01 10:15 a.m.15 views

Deserialization of untrusted data

A vulnerability has been identified in Biograph Horizon PET/CT Systems All VJ30 versions VJ30C-UD01, MAGNETOM Family NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A, MAMMOMAT Revelation All VC20 versions VC20D, NAEOTOM Alpha All VA40 versions VA40 SP2, SOMATOM X.cite All versions VA30 SP5 or...

9.3CVSS9.4AI score0.01627EPSS
Exploits0References1Affected Software18
Cvelist
Cvelist
added 2022/06/01 9:50 a.m.30 views

CVE-2022-29875

A vulnerability has been identified in Biograph Horizon PET/CT Systems All VJ30 versions VJ30C-UD01, MAGNETOM Family NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A, MAMMOMAT Revelation All VC20 versions VC20D, NAEOTOM Alpha All VA40 versions VA40 SP2, SOMATOM X.cite All versions VA30 SP5 or...

9.7AI score0.01627EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 11:15 a.m.2 views

CVE-2021-37181

A vulnerability has been identified in Cerberus DMS V4.0 All versions, Cerberus DMS V4.1 All versions, Cerberus DMS V4.2 All versions, Cerberus DMS V5.0 All versions v5.0 QU1, Desigo CC Compact V4.0 All versions, Desigo CC Compact V4.1 All versions, Desigo CC Compact V4.2 All versions, Desigo CC...

10CVSS7.5AI score0.0189EPSS
Exploits0References1
Rows per page
Query Builder