Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2024-5932

Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.

POC

Reference

- https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/

Github

- https://github.com/0xb0mb3r/CVE-2024-5932-PoC

- https://github.com/0xb0mb3r/CVE-2024-8353-PoC

- https://github.com/12442RF/POC

- https://github.com/20142995/nuclei-templates

- https://github.com/DMW11525708/wiki

- https://github.com/EQST-Lab/RnT

- https://github.com/EQSTLab/CVE-2024-5932

- https://github.com/EQSTLab/CVE-2024-8353

- https://github.com/EQSTLab/RnT

- https://github.com/Lern0n/Lernon-POC

- https://github.com/Linxloop/fork_POC

- https://github.com/Ostorlab/KEV

- https://github.com/OxLmahdi/cve-2024-5932

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/SecNN/SecNN-Wiki

- https://github.com/WhosGa/MyWiki

- https://github.com/admin772/POC

- https://github.com/adysec/POC

- https://github.com/c-malitia/GiveWP-POC

- https://github.com/cisp-pte/POC-20241008-sec-fork

- https://github.com/eeeeeeeeee-code/POC

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/greenberglinken/2023hvv_1

- https://github.com/hlc23/CVE-2024-5932-web-ui

- https://github.com/iemotion/POC

- https://github.com/laoa1573/wy876

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nothe1senberg/CVE-2024-8353

- https://github.com/oLy0/Vulnerability

- https://github.com/plbplbp/loudong001

- https://github.com/tanjiti/sec_profile

- https://github.com/tk-1001/PHPexploit_pack

- https://github.com/wooluo/POC00

- https://github.com/wy876/POC

- https://github.com/wy876/wiki