{ "id": "CVE-2021-24307", "sourceIdentifier": "contact@wpscan.com", "published": "2021-05-24T11:15:08.350", "lastModified": "2022-05-03T13:05:28.423", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with \"aioseo_tools_settings\" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section \"Tool > Import/Export\". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution." }, { "lang": "es", "value": "All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve Your SEO Rankings versiones anteriores a 4.1.0.2 permite a usuarios autenticados con el privilegio \"aioseo_tools_settings\" (la mayor\u00eda de las veces administrador) ejecutar c\u00f3digo arbitrario en el host subyacente. Los usuarios pueden restaurar la configuraci\u00f3n del plugin al cargar un archivo .ini de respaldo en la secci\u00f3n \"Tool ) Import/Export\". Sin embargo, el plugin intenta anular la serializaci\u00f3n de los valores del archivo .ini. Adem\u00e1s, el plugin incorpora la biblioteca Monolog que puede ser usada para dise\u00f1ar una cadena de dispositivos y, por lo tanto, desencadenar una ejecuci\u00f3n de comandos del sistema" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-502" } ] }, { "source": "contact@wpscan.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-502" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "4.1.0.2", "matchCriteriaId": "23F0DE8A-3D20-47E8-A04E-176CB617E919" } ] } ] } ], "references": [ { "url": "https://aioseo.com/changelog/", "source": "contact@wpscan.com", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1", "source": "contact@wpscan.com", "tags": [ "Exploit", "Third Party Advisory" ] } ] }