{"containers":{"cna":{"affected":[{"product":"JoomSport – for Sports: Team & League, Football, Hockey & more","vendor":"Unknown","versions":[{"lessThan":"5.1.8","status":"affected","version":"5.1.8","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Bugbang"}],"descriptions":[{"lang":"en","value":"The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-07-06T11:03:27.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://wpscan.com/vulnerability/fb6c407c-713c-4e83-92ce-4e5f791be696"}],"source":{"discovery":"UNKNOWN"},"title":"JoomSport < 5.1.8 - Unauthenticated PHP Object Injection","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2021-24384","STATE":"PUBLIC","TITLE":"JoomSport < 5.1.8 - Unauthenticated PHP Object Injection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"JoomSport – for Sports: Team & League, Football, Hockey & more","version":{"version_data":[{"version_affected":"<","version_name":"5.1.8","version_value":"5.1.8"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Bugbang"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-502 Deserialization of Untrusted Data"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/fb6c407c-713c-4e83-92ce-4e5f791be696","refsource":"CONFIRM","url":"https://wpscan.com/vulnerability/fb6c407c-713c-4e83-92ce-4e5f791be696"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:28:23.922Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://wpscan.com/vulnerability/fb6c407c-713c-4e83-92ce-4e5f791be696"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2021-24384","datePublished":"2021-07-06T11:03:27.000Z","dateReserved":"2021-01-14T00:00:00.000Z","dateUpdated":"2024-08-03T19:28:23.922Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}