admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-30xx/CVE-2024-3054.json

52 lines
3.1 KiB
JSON
Raw Normal View History

Auto-Update: 2024-04-12T12:00:39.971702+00:00
2024-04-12 12:03:29 +00:00
{
"id": "CVE-2024-3054",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-12T10:15:08.670",
Auto-Update: 2024-04-12T14:00:38.698881+00:00
2024-04-12 14:03:28 +00:00
"lastModified": "2024-04-12T12:43:46.210",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
Auto-Update: 2024-04-12T12:00:39.971702+00:00
2024-04-12 12:03:29 +00:00
"descriptions": [
{
"lang": "en",
"value": "WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
Auto-Update: 2024-04-21T02:00:30.106734+00:00
2024-04-21 02:03:21 +00:00
},
{
"lang": "es",
"value": "El complemento WPvivid Backup & Migration para WordPress es vulnerable a la deserializaci\u00f3n PHAR en todas las versiones hasta la 0.9.99 incluida a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza en la acci\u00f3n wpvividstg_get_custom_exclude_path_free. Esto se debe a que el complemento no proporciona suficiente validaci\u00f3n de ruta en el par\u00e1metro tree_node[nodo][id]. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, llamen archivos usando un contenedor PHAR que deserializar\u00e1 los datos y llamar\u00e1 objetos PHP arbitrarios. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
Auto-Update: 2024-04-12T12:00:39.971702+00:00
2024-04-12 12:03:29 +00:00
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3067224%40wpvivid-backuprestore&new=3067224%40wpvivid-backuprestore&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf26fc68-9fd4-4e4e-b34f-c947d95891f9?source=cve",
"source": "security@wordfence.com"
}
]
}
Reference in New Issue Copy Permalink