CVEs-PoC/2024/CVE-2024-5932.md at 8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-13 01:44:43 +02:00

Files

T

0xMarcio e8c9fd6e2f Update CVE sources 2024-08-23 18:19

2024-08-23 18:19:28 +00:00

Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.

POC

Reference

https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/

Github

https://github.com/20142995/nuclei-templates
https://github.com/Ostorlab/KEV
https://github.com/nomi-sec/PoC-in-GitHub

1.2 KiB Raw Blame History Unescape Escape

CVE-2024-5932

Description

POC

Reference

Github

1.2 KiB

Raw Blame History