CVE-2018-1000509

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.
References
Link Resource
https://advisories.dxw.com/advisories/unserialization-redirection/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redirection:redirection:2.7.1:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2018-06-26 16:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-1000509

Mitre link : CVE-2018-1000509

CVE.ORG link : CVE-2018-1000509


JSON object : View

Products Affected

redirection

  • redirection
CWE
CWE-502

Deserialization of Untrusted Data