Vulnerabilities > CVE-2021-24384 - Unspecified vulnerability in Beardev Joomsport

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

beardev

critical

NVD

Published: 2021-07-06

Updated: 2024-11-21

Summary

The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE

Vulnerable Configurations

Part	Description	Count
Application	Beardev Beardev Joomsport - Beardev Joomsport 1.0 Beardev Joomsport 1.1.0 Beardev Joomsport 1.2.1 Beardev Joomsport 1.2.3 Beardev Joomsport 1.3.0 Beardev Joomsport 1.3.1 Beardev Joomsport 2.0 Beardev Joomsport 2.0.2 Beardev Joomsport 2.1 Beardev Joomsport 3.0.1 Beardev Joomsport 3.1 Beardev Joomsport 3.2 Beardev Joomsport 3.2.1 Beardev Joomsport 3.2.3 Beardev Joomsport 3.3 Beardev Joomsport 3.4 Beardev Joomsport 4.0 Beardev Joomsport 4.1.2 Beardev Joomsport 5.0 Beardev Joomsport 5.1.1 Beardev Joomsport 5.1.3 Beardev Joomsport 5.1.4 Beardev Joomsport 5.1.5 Beardev Joomsport 5.1.6	25

Summary

Vulnerable Configurations

References