WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection

Description

The joomsport_md_load AJAX action of the plugin, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE

Proof of Concept

POST /wp-admin/admin-ajax.php
[...]

action=joomsport_md_load&mdId=1&shattr=Tzo0OiJURVNUIjowOnt9

Affects Plugins

joomsport-sports-league-results-management
Fixed in version 5.1.8

References

CVE
CVE-2021-24384

Classification

Type

OBJECT INJECTION

OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Original Researcher

Bugbang

Submitter

Bugbang

Submitter twitter
xBugBang
Verified

Yes

WPVDB ID
fb6c407c-713c-4e83-92ce-4e5f791be696

Timeline

Publicly Published

2021-06-08 (about 1 years ago)

Added

2021-06-08 (about 1 years ago)

Last Updated

2022-01-17 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin