CVEs-PoC/2021/CVE-2021-24307.md

### [CVE-2021-24307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24307)
![](https://img.shields.io/static/v1?label=Product&message=All%20in%20One%20SEO%20%E2%80%93%20Best%20WordPress%20SEO%20Plugin%20%E2%80%93%20Easily%20Improve%20Your%20SEO%20Rankings&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.1.0.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brightgreen)

### Description

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution.

### POC

#### Reference
- https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1

#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Frostube/SWAT-WebOps-Red-Blue-Team-Exploitation-Defense-Toolkit
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/darkpills/CVE-2021-24307-all-in-one-seo-pack-admin-rce
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve