CVE-2021-24384
JoomSport < 5.1.8 - Unauthenticated PHP Object Injection
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
06 jul 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE
Productos afectados
Unknown · JoomSport – for Sports: Team & League, Football, Hockey & more¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →