admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-7351.md

19 lines
1.1 KiB
Markdown
Raw Normal View History

Update CVE sources 2024-08-24 17:55
2024-08-24 17:55:21 +00:00
### [CVE-2024-7351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7351)
![](https://img.shields.io/static/v1?label=Product&message=Simple%20Job%20Board&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.12.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
### Description
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
### POC
#### Reference
No PoCs from references.
#### Github
Update CVE sources 2024-08-25 17:33
2024-08-25 17:33:10 +00:00
- https://github.com/20142995/nuclei-templates
Update CVE sources 2024-08-24 17:55
2024-08-24 17:55:21 +00:00
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink