Vulnerabilities > CVE-2021-24307 - Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

aioseo

CWE-502

critical

NVD

Published: 2021-05-24

Updated: 2022-05-03

Summary

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution.

Vulnerable Configurations

Part	Description	Count
Application	Aioseo Aioseo ALL IN ONE SEO 4.0.0 Aioseo ALL IN ONE SEO 4.0.1 Aioseo ALL IN ONE SEO 4.0.2 Aioseo ALL IN ONE SEO 4.0.3 Aioseo ALL IN ONE SEO 4.0.4 Aioseo ALL IN ONE SEO 4.0.5 Aioseo ALL IN ONE SEO 4.0.6 Aioseo ALL IN ONE SEO 4.0.7 Aioseo ALL IN ONE SEO 4.0.8 Aioseo ALL IN ONE SEO 4.0.9 Aioseo ALL IN ONE SEO 4.0.10 Aioseo ALL IN ONE SEO 4.0.11 Aioseo ALL IN ONE SEO 4.0.12 Aioseo ALL IN ONE SEO 4.0.13 Aioseo ALL IN ONE SEO 4.0.14 Aioseo ALL IN ONE SEO 4.0.15 Aioseo ALL IN ONE SEO 4.0.16 Aioseo ALL IN ONE SEO 4.0.17 Aioseo ALL IN ONE SEO 4.1.0 Aioseo ALL IN ONE SEO 4.1.0.1	20

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References