CVE-2016-10948

Exploit

EPSS 0.84%
Veröffentlicht 13.09.2019 13:15:10
Zuletzt bearbeitet 21.11.2024 02:45:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Post Indexer <= 3.0.6.1 - PHP Object Injection

The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.

Mögliche Gegenmaßnahme

Post Indexer: Update to version 3.0.6.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Post Indexer

Version [*, 3.0.6.2)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Post Indexer Project ≫ Post Indexer SwPlatformwordpress Version < 3.0.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.725

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://advisories.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/9e43cf06-8356-40cd-a0d8-b9f7ab95d793

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-10948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10948

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-10948