wpvulndb / Bugbang / WPVDB-ID: FB6C407C-713C-4E83-92CE-4E5F791BE696
History: Jun 08, 2021 - 12:00 a.m.

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection

2021-06-08 00:00:00
Bugbang
wpscan.com
10

EPSS: 0.006 (Low), Percentile: 78.2%

The joomsport_md_load AJAX action of the plugin, registered for both authenticated and unauthenticated users, unserialises user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin itself does not contain a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE.
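As an added illustration (not JoomSport's code and not the vendor's actual fix), the handler pattern the description implies beside two hardened variants; everything except the shattr parameter name is an assumption:

```php
<?php
// Added example: a hypothetical AJAX handler modelled on the advisory text,
// not the plugin's real code. Only the parameter name 'shattr' comes from the advisory.

// Vulnerable pattern: unserialize() on attacker-controlled input. Any class loaded
// in the WordPress process that defines __wakeup()/__destruct()/__toString() becomes
// a candidate gadget, which is why a gadget-free plugin is still exploitable via others.
function md_load_vulnerable(array $post)
{
    return unserialize((string) ($post['shattr'] ?? ''));
}

// Hardened variant 1: keep unserialize() but forbid object instantiation entirely.
// Serialized objects then become __PHP_Incomplete_Class and no magic methods run.
function md_load_hardened_unserialize(array $post): array
{
    $data = @unserialize((string) ($post['shattr'] ?? ''), ['allowed_classes' => false]);
    // Accept only a flat array of scalars, which is all a "shortcode attributes" blob should need.
    if (!is_array($data)) {
        return [];
    }
    foreach ($data as $value) {
        if ($value !== null && !is_scalar($value)) {
            return [];
        }
    }
    return $data;
}

// Hardened variant 2 (preferred): never use PHP serialization for client-supplied data.
// JSON has no notion of classes, so there is nothing for a gadget chain to hook.
function md_load_json(array $post): array
{
    $data = json_decode((string) ($post['shattr'] ?? ''), true, 8);
    return is_array($data) ? $data : [];
}

// Registration note: if visitors never need this action, register only the
// authenticated hook and drop the wp_ajax_nopriv_ one, so that the attack surface
// described in the advisory (unauthenticated reach) disappears regardless of the parser.
add_action('wp_ajax_joomsport_md_load', function () {
    check_ajax_referer('joomsport_md_load'); // hypothetical nonce action name
    wp_send_json(md_load_json($_POST));
});
```

The unserialize() variant still exposes the parser to malformed input, so the JSON variant is the one to reach for when the data format is under the plugin's control.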

PoC

POST /wp-admin/admin-ajax.php […] action=joomsport_md_load&mdId=1&shattr=Tzo0OiJURVNUIjowOnt9
