wpvulndb | Do Xuan Trung | WPVDB-ID: 421194E1-6C3F-4972-8F3C-DE1B9D2BCB13
History: Sep 19, 2023 - 12:00 a.m.

Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

2023-09-19 00:00:00
Do Xuan Trung
wpscan.com
8

EPSS: 0.001
Percentile: 24.2%

Description: The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports a malicious file and a suitable gadget chain is present on the blog.

PoC

To simulate a gadget chain, put the following code in a plugin:

    class Test { public function __wakeup() : void { die("Arbitrary deserialization"); } }

Create a file named "poc.txt" with the following content:

    O:4:"Test":0:{}

Upload the file via the "Choose File" feature in Weaver Xtreme Theme Support > Filters, then choose Restore Filter Options. Then view the response of the request made, which will contain the "Arbitrary deserialization" message.
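The root cause in the description above is the unserialize() call on raw upload contents. The following PHP is an added illustration, not Weaver Xtreme Theme Support's own code: the function names and the option-file layout are hypothetical, and it places the vulnerable pattern beside a hardened import that refuses to instantiate classes and validates the result before it is stored.

```php
<?php
// Added illustration, not the plugin's code. Function names and the
// expected option layout are hypothetical; only the unserialize() pattern
// matches the advisory.

// Vulnerable pattern: the uploaded bytes go straight into unserialize(), so a
// payload such as O:4:"Test":0:{} instantiates any loaded class and fires its
// __wakeup()/__destruct() (the gadget chain).
function restore_filter_options_unsafe(string $uploaded_contents)
{
    return unserialize($uploaded_contents);
}

// Hardened pattern: never instantiate classes, then check the shape of the data.
function restore_filter_options_safe(string $uploaded_contents): ?array
{
    // allowed_classes => false (PHP >= 7.0) turns every object in the payload
    // into __PHP_Incomplete_Class, so no user-defined __wakeup() can run.
    $data = @unserialize($uploaded_contents, ['allowed_classes' => false]);
    if ($data === false && $uploaded_contents !== serialize(false)) {
        return null; // not valid serialized data
    }
    if (!is_array($data)) {
        return null; // filter options are expected to be a plain array
    }
    // Keep only string-keyed scalar options; drop objects and nested values.
    $clean = [];
    foreach ($data as $key => $value) {
        if (is_string($key) && is_scalar($value)) {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Gadget stand-in from the advisory's PoC, so the difference is observable.
class Test
{
    public function __wakeup(): void
    {
        throw new RuntimeException('Arbitrary deserialization');
    }
}

$payload = 'O:4:"Test":0:{}';                                      // constructed, as in poc.txt
$legit   = serialize(['hide_author' => 1, 'exclude_cat' => '3,5']); // constructed sample options

var_dump(restore_filter_options_safe($payload)); // NULL: an object, not an options array
var_dump(restore_filter_options_safe($legit));   // array with the two options
try {
    restore_filter_options_unsafe($payload);     // __wakeup() fires here
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;              // Arbitrary deserialization
}
```

Where the import format is under the plugin's control, exporting and importing options as JSON (json_encode/json_decode with assoc=true) removes the unserialize() surface entirely.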

