CVE-2016-10948

Exploit

EPSS 1.72%
Veröffentlicht 13.09.2019 13:15:10
Zuletzt bearbeitet 21.11.2024 02:45:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Post Indexer <= 3.0.6.1 - PHP Object Injection

The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.

Mögliche Gegenmaßnahme

Post Indexer: Update to version 3.0.6.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Post Indexer Project ≫ Post Indexer SwPlatformwordpress Version < 3.0.6.2

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Post Indexer

Version [*, 3.0.6.2)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.72%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://advisories.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/9e43cf06-8356-40cd-a0d8-b9f7ab95d793

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-10948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10948

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-10948