CVE-2018-6195

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.
Configurations

Configuration 1

cpe:2.3:a:splashing_images_project:splashing_images:*:*:*:*:*:wordpress:*:*

Information

Published : 2018-01-30 08:29

Updated : 2022-12-02 07:09


NVD link : CVE-2018-6195

Mitre link : CVE-2018-6195

Products Affected
No products.
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')