Lucene search
WPScanCVELIST:CVE-2021-24579HistoryAug 30, 2021 - 2:11 p.m.
CVE-2021-24579 Bold Page Builder < 3.1.6 - PHP Object Injection
2021-08-3014:11:21
CWE-502
WPScan
www.cve.org
4
cve-2021-24579
bold page builder
php object injection
wordpress plugin
rce
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.
CNA Affected
[
{
"product": "Bold Page Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.6",
"status": "affected",
"version": "3.1.6",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Bold Page Builder < 3.1.6 - PHP Object Injection
2021-08-02 00:00:00
openvas
openvas
WordPress Bold Page Builder Plugin < 3.1.6 Object Injection Vulnerability
2024-01-04 00:00:00
nvd
nvd
CVE-2021-24579
2021-08-30 15:15:07
wpexploit
wpexploit
Bold Page Builder < 3.1.6 - PHP Object Injection
2021-08-02 00:00:00
patchstack
patchstack
prion
prion
Design/Logic Flaw
2021-08-30 15:15:00
cve
cve
CVE-2021-24579
2021-08-30 15:15:07