CVE-2024-1895
published 2024-04-30CVE-2024-1895: The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and…
PriorityP343high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
EPSS
0.85%
53.6th percentile
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awordpresslife | event_monster_manager_ticket_booking | <= 1.3.9 | — |
| awplife | event_monster | < 1.4.0 | 1.4.0 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fv5j-c825-8pf5: The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to
ghsa_unreviewed·2024-04-30
CVE-2024-1895 [HIGH] CWE-502 GHSA-fv5j-c825-8pf5: The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Red Hat
kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
vendor_redhat·2024-08-17·CVSS 5.5
CVE-2024-42307 [MEDIUM] kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
kernel: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
Dan Carpenter reported a Smack static checker warning:
fs/smb/client/cifsfs.c:1981 init_cifs()
error: we previously assumed 'serverclose_wq' could be null (see line 1895)
The patch which introduced the serverclose workqueue used the wrong
oredering in error paths in init_cifs() for freeing it on errors.
A potential null pointer use in destroy_workqueue in init_cifs error path was found in the Linux kernel.
Statement: No Red Hat products are affected by this vulnerability.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/event-monster/tags/1.3.3/shortcode.phphttps://plugins.trac.wordpress.org/changeset/3102670https://www.wordfence.com/threat-intel/vulnerabilities/id/41d7b3f1-a133-4678-b2d9-3f9951cbc005?source=cvehttps://plugins.trac.wordpress.org/browser/event-monster/tags/1.3.3/shortcode.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/41d7b3f1-a133-4678-b2d9-3f9951cbc005?source=cve
2024-04-30
Published