CVE-2023-4314

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.

Related Vulnerabilities

CVE-2012-6613

HIGH
CVSS:7.2(High)

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

NVD-CWE-Other2012

CVE-2014-6059

HIGH
CVSS:7.2(High)

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability

NVD-CWE-Other2014

CVE-2015-7472

HIGH
CVSS:7.2(High)

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP inject...

NVD-CWE-Other2015

CVE-2015-7917

HIGH
CVSS:7.2(High)

Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

NVD-CWE-Other2015

CVE-2016-1227

HIGH
CVSS:7.2(High)

NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earl...

NVD-CWE-Other2016

CVE-2016-3461

HIGH
CVSS:7.2(High)

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and avai...

NVD-CWE-Other2016