TROYANOSYVIRUS
Voltar para CVEs

CVE-2021-4451

MEDIUM
6.6

Descricao

The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).

Detalhes CVE

Pontuacao CVSS v3.16.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado10/16/2024
Ultima modificacao10/30/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

nintechnet:ninjafirewall

Fraquezas (CWE)

CWE-502CWE-502

Referencias

https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve(security@wordfence.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.