mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-23 06:39:42 +02:00
0xMarcio
985 B
985 B
CVE-2021-24579
Description
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.