Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1209 — Improper Input Validation in Ninja Forms

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

80.6%

top 0.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Ninjaforms Ninja Forms

Timeline

PublishedMay 14

Latest updateMay 17

Description

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDninjaforms/ninja_forms2.9.42

🔴Vulnerability Details

GHSA

GHSA-3qv8-hqcp-vhrh: The Ninja Forms plugin before 2↗2022-05-17

▶

CVEList

CVE-2016-1209: The Ninja Forms plugin before 2↗2016-05-14

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)↗2016-05-04

▶