CVE-2018-1000509
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.
La versión 2.7.1 de Redirection contiene una vulnerabilidad de serialización que podría permitir una vulnerabilidad ACE en la página AJAX de Settings que puede resultar en que un administrador pueda ejecutar código arbitrario en algunas circunstancias. Para explotar este ataque, el atacante debe tener acceso a la cuenta de administrador. La vulnerabilidad parece haber sido solucionada en la versión 2.8.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-12 CVE Reserved
- 2018-06-26 CVE Published
- 2024-05-05 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://advisories.dxw.com/advisories/unserialization-redirection | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redirection Search vendor "Redirection" | Redirection Search vendor "Redirection" for product "Redirection" | 2.7.1 Search vendor "Redirection" for product "Redirection" and version "2.7.1" | wordpress |
Affected
| ||||||