admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-10-11 19:52:54 +08:00 committed by GitHub
parent 71bb448c2d
commit 2c2edfc907
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
GobyVuls-Document.md
View File

@ -13,6 +13,7 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
| **Description** |GiveWP is a very popular WordPress plugin designed for non-profit organizations and individuals to accept online donations. |
| **Impact** | A PHP object injection vulnerability exists in the GiveWP Donation Plugin and Fundraising Platform Plugin for WordPress, affecting all versions up to and including version 3.16.1. The vulnerability is generated by deserializing several parameters (such as 'give_title' and 'card_address') of untrustworthy input. This allows an unauthenticated attacker to inject PHP objects. In addition, the presence of a POP chain allows an attacker to delete arbitrary files and enable remote code execution.
| **Affected versions** |affecting all versions up to and including version 3.16.1
![](https://s3.bmp.ovh/imgs/2024/10/11/c4f2085c1fcb37c8.gif)