Description
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress PHAR Deserialization (3.7.9)
MySQL CVE-2014-6559 Vulnerability (CVE-2014-6559)
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2019-18838)
SharePoint CVE-2021-42294 Vulnerability (CVE-2021-42294)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Scripting (1.1.46)