_ _
/ | _| |_ _ _____ ___ ___ ___ ___ ___
_ / / | . | | | | . | _| . | _| -_|
|_|_/ |___|___|_|_|_| _|___|___|_| |___|
|_|
2019-05-07
Insecure Deserialization in WordPress plugin virim v0.4
=======================================================
CVE-2019-12240
The title says it all. The plugin in question[1] passes attacker
controllable data to the unserialize() function, resulting in insecure
deserialization. No authentication required.
For more about insecure deserialization, check references below[2].
# Details
graph.php:
13 if($_GET['type']=='over_time') {
..
48 }
49 else {
50
51 $line_values = unserialize($_GET['s_values']);
52 $t_line_values = unserialize($_GET['t_values']);
53 $c_line_values = unserialize($_GET['c_values']);
54 }
# Timeline
2019-05-07 Public disclosure
2019-05-07 CVE-ID requested
2019-05-20 CVE-2019-12240 assigned
# References
1:
wordpress.org/plugins/virim2:
owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization