wpvulndb | Nguyen Duy Quoc Khanh | WPVDB-ID: 0C9F22E0-1D46-4957-9BA5-5CCA78861136
Published: Nov 07, 2022 - 12:00 a.m.

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

Source: wpscan.com
Tags: woocommerce, php object injection, admin privileges

EPSS: 0.001 (Low), Percentile: 43.1%

The plugin unserializes user input provided via its settings, which could allow high-privilege users such as administrators to perform PHP Object Injection when a suitable gadget chain is present.

PoC

To simulate a gadget chain, put the following code in a plugin:

```php
class Evil {
    public function __wakeup(): void {
        die("Arbitrary deserialization");
    }
}
```

Then import the following payload via WooCommerce > Checkout Form > Advanced Settings > Backup and Import Settings:

```
Tzo0OiJFdmlsIjowOnt9Ow==
```

`Tzo0OiJFdmlsIjowOnt9Ow==` is the base64 encoding of the serialized object `O:4:"Evil":0:{};`.
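As an added example that is not part of the advisory or of the plugin's own code, the settings-import pattern described above is shown beside a hardened version that refuses to instantiate objects from the imported blob; the function names and the sample setting key are assumptions for illustration:

```php
<?php
// Added example (not the plugin's code): hardened handling of an imported
// settings blob. Function and setting names are assumptions for illustration.

// Stand-in for the gadget class from the PoC; __wakeup must never run on
// attacker-controlled input.
class Evil {
    public function __wakeup(): void {
        throw new RuntimeException('Arbitrary deserialization reached __wakeup');
    }
}

// Vulnerable pattern: unserialize() on untrusted settings input instantiates
// any class loaded in the application, so a gadget's __wakeup/__destruct fires.
function import_settings_vulnerable(string $b64): mixed {
    return unserialize(base64_decode($b64));
}

// Hardened pattern: forbid object instantiation entirely. Any O:... token
// becomes a __PHP_Incomplete_Class stub whose magic methods are never called,
// and the import is rejected unless the result is a plain array of settings.
function import_settings_hardened(string $b64): array {
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new InvalidArgumentException('Settings blob is not valid base64');
    }
    $data = unserialize($raw, ['allowed_classes' => false, 'max_depth' => 16]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Settings import must be a plain array; objects are not accepted');
    }
    return $data;
}

// Payload from the advisory: base64 of O:4:"Evil":0:{};
$poc = 'Tzo0OiJFdmlsIjowOnt9Ow==';

// The hardened importer rejects it without ever invoking Evil::__wakeup().
try {
    import_settings_hardened($poc);
} catch (InvalidArgumentException $e) {
    echo "Rejected: {$e->getMessage()}\n";
}

// A legitimate export, constructed here, still round-trips.
$ok = base64_encode(serialize(['enable_billing_fields' => true]));
var_dump(import_settings_hardened($ok));
```

Storing settings as JSON instead of PHP serialization removes the object-instantiation surface altogether and is the simpler fix where backward compatibility allows it.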

| CPE Name | Operator | Version |
|---|---|---|
| woo-checkout-field-editor-pro | lt | 1.8.0 |
