CVE-2015-6828 - OpenCVE

The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Securemoz	Security Audit

Configuration 1 [-]

cpe:2.3:a:securemoz:security_audit:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2015/09/05/4
http://www.openwall.com/lists/oss-security/2015/09/06/3
https://wpvulndb.com/vulnerabilities/8179

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-09-16T14:00:00

Updated: 2024-08-06T07:29:24.863Z

Reserved: 2015-09-06T00:00:00

Link: CVE-2015-6828

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-09-16T14:59:04.417

Modified: 2019-06-26T19:51:26.043

Link: CVE-2015-6828

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-09-16T13:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20150906 Re: Some Wordpress Plugin Stuff (some, wordpress, stuff)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/06/3"}, {"name": "[oss-security] 20150905 Some Wordpress Plugin Stuff", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/05/4"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8179"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6828", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20150906 Re: Some Wordpress Plugin Stuff (some, wordpress, stuff)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/06/3"}, {"name": "[oss-security] 20150905 Some Wordpress Plugin Stuff", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/05/4"}, {"name": "https://wpvulndb.com/vulnerabilities/8179", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8179"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:29:24.863Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20150906 Re: Some Wordpress Plugin Stuff (some, wordpress, stuff)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/06/3"}, {"name": "[oss-security] 20150905 Some Wordpress Plugin Stuff", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/05/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8179"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6828", "datePublished": "2015-09-16T14:00:00", "dateReserved": "2015-09-06T00:00:00", "dateUpdated": "2024-08-06T07:29:24.863Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:securemoz:security_audit:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "69AF5040-8305-4FB2-A583-34FB99913F3A", "versionEndIncluding": "1.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n tweet_info en class/__functions.php en el plugin SecureMoz Security Audit 1.0.5 y versiones anteriores para WordPress, no usa una sesi\u00f3n HTTPS para descargar datos serializados, lo que permite a atacantes man-in-the-middle llevar a cabo ataques de inyecci\u00f3n de objetos PHP y ejecutar c\u00f3digo PHP arbitrario mediante la modificaci\u00f3n de la secuencia de datos cliente-servidor. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."}], "id": "CVE-2015-6828", "lastModified": "2019-06-26T19:51:26.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-16T14:59:04.417", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/09/05/4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/09/06/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8179"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}