### [CVE-2016-1209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1209)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.

### POC

#### Reference
- http://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.html
- http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities
- https://wpvulndb.com/vulnerabilities/8485

#### Github
- https://github.com/ACIC-Africa/metasploitable3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Karma47/Cybersecurity_base_project_2
- https://github.com/bharathkanne/csb-2
- https://github.com/maasikai/cybersecuritybase-project-2