Easy Digital Downloads <= 2.5.7 - PHP Object Injection

Sign up to our free email alerts service for instant vulnerability notifications!

Description
Easy Digital Downloads unserializes user-submitted data from cookies and other request parameters, allowing for object injection.

Affects

Plugin easy-digital-downloads
fixed in version 2.5.8

References

URL https://github.com/easydigitaldownloads/Easy-Digital-Downloads/commit/7e83d2737b430c76f515b5433ee067fa5e6b1d4f

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter Danny van Kooten
Submitter Website http://dvk.co/
Submitter Twitter dannyvankooten
Views 273
Verified No
WPVDB ID 8404

Timeline

Publicly Published 2016-03-02 (9 months ago)
Added 2016-03-03 (9 months ago)
Last Updated 2016-03-03 (9 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.