WordPress Plugin Vulnerabilities
JoomSport < 5.1.8 - Unauthenticated PHP Object Injection
Description
The joomsport_md_load AJAX action of the plugin, registered for both authenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin itself does not have a suitable gadget chain to exploit this, other installed plugins could provide one, which might lead to more severe issues such as RCE.
Proof of Concept
POST /wp-admin/admin-ajax.php
[...]

action=joomsport_md_load&mdId=1&shattr=Tzo0OiJURVNUIjowOnt9
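A detection check for the request shape shown in the proof of concept, as an added example (not code from the plugin or from this advisory): it decodes the shattr value sent to the joomsport_md_load action and reports any serialized PHP object it carries. It assumes the value is base64-encoded, as in the PoC; the name inspect_body and every sample body other than the PoC one are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# Serialized PHP object tokens: O:<len>:"Class" or C:<len>:"Class", either at
# the start of the value or nested after ';' or '{'. An optional '+' before
# the length is tolerated so that spelling is not missed.
OBJECT_TOKEN = re.compile(rb'(?:^|[;{])[OC]:\+?\d+:"([^"]*)"')


def inspect_body(body: str):
    """Return class names found in a serialized `shattr` value, or [] if none.

    Only requests for the joomsport_md_load action are inspected.
    """
    params = parse_qs(body, keep_blank_values=True)
    if params.get("action", [""])[0] != "joomsport_md_load":
        return []
    found = []
    for value in params.get("shattr", []):
        try:
            # parse_qs turns '+' into a space; restore it before decoding.
            raw = base64.b64decode(value.replace(" ", "+"), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (assumed encoding), skip
        found += [m.decode("latin-1") for m in OBJECT_TOKEN.findall(raw)]
    return found


# The first body is the PoC from this page; the other two are constructed.
POC_BODY = "action=joomsport_md_load&mdId=1&shattr=Tzo0OiJURVNUIjowOnt9"
ARRAY_BODY = ("action=joomsport_md_load&mdId=1&shattr="
              + base64.b64encode(b'a:1:{s:2:"id";i:5;}').decode())
OTHER_ACTION = "action=heartbeat&shattr=Tzo0OiJURVNUIjowOnt9"

if __name__ == "__main__":
    for body in (POC_BODY, ARRAY_BODY, OTHER_ACTION):
        print(inspect_body(body) or "no serialized object")
```

A string value that happens to contain an object-like token will also match, so treat a hit as a reason to review the request rather than as proof of exploitation.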
Affects Plugins
References
CVE
Classification
Type
OBJECT INJECTION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Bugbang
Submitter
Bugbang
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-08 (about 2 years ago)
Added
2021-06-08 (about 2 years ago)
Last Updated
2022-01-17 (about 2 years ago)