Published:2016/05/13 Last Updated:2016/05/16
JVN#44657371
WordPress plugin "Ninja Forms" vulnerable to PHP object injection
Overview
WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability.
Products Affected
- Ninja Forms Version 2.9.36 to 2.9.42
Description
WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized.
Impact
A remote attacker may execute an arbitrary PHP code.
Solution
Update the Software
Update to a version that addresses the vulnerability according to the information provided by the developer.
The developer states that versions 2.9.43 and .1 versions of 2.9.36 through 2.9.42 address this vulnerability (e.g. 2.9.36.1, 2.9.37.1, etc.).
Also, the developer suggests updating to version 2.9.45, which contains fixes for other vulnerabilities.
Vendor Status
| Vendor | Link |
| WP Ninjas, LLC. | Important Security Update or You Always Hurt the Ones You Love |
| Ninja Forms — WordPress Plugins |
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score:
5.6
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
CVSS v2
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score:
6.8
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2016-1209 |
| JVN iPedia |
JVNDB-2016-000064 |
Update History
- 2016/05/16
- Information under the section "Credit" was deleted.