Main
Vulnerability Database
Exploits
ID:8400 - Exploit for PHP object injection in WordPress - CVE-2018-20148
ID:8400 - Exploit for PHP object injection in WordPress - CVE-2018-20148
Published: September 25, 2022
Vulnerability identifier: #VU16525
Vulnerability risk: High
CVE-ID: CVE-2018-20148
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
WordPress
WordPress
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to PHP object injection. A remote attacker can craft meta data in a way that resulted in PHP object injection and arbitrary code execution.
The weakness exists due to PHP object injection. A remote attacker can craft meta data in a way that resulted in PHP object injection and arbitrary code execution.
Remediation
Update to version 5.0.1.