top of page
Sentence 11
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE
Actual
Tags:
-
Exploit mechanism: PHP Object Injection issue
-
Exploit objective: severe issues such as RCE
-
Attack pathway: unserialised user input from the shattr POST parameter
Predicted
Tags:
-
Exploit mechanism: PHP Object Injection
-
Exploit objective: RCE
-
Attack pathway: unserialised user input from the shattr POST parameter
bottom of page