PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-23522 PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T17:16:13.461Z

Reserved: 2021-01-01T00:00:00

Link: CVE-2020-35939

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-01T02:15:13.627

Modified: 2024-11-21T05:28:33.820

Link: CVE-2020-35939

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.