Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.
References
Link | Resource |
---|---|
https://advisories.dxw.com/advisories/unserialization-redirection/ | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-06-26 16:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-1000509
Mitre link : CVE-2018-1000509
CVE.ORG link : CVE-2018-1000509
JSON object : View
Products Affected
redirection
- redirection
CWE
CWE-502
Deserialization of Untrusted Data