Published: 24/05/2021 Updated: 03/05/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings prior to 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aioseo all in one seo

Admin PHP unserialization RCE in All in one SEO pack (CVE-2021-24307) Simple PoC of an admin authenticated RCE in AISEO <= 4101 provided as an example Full write-up here: darkpillscom/php-unserialize-write-up-with-admin-rce-in-all-in-one-seo-pack-cve-2021-24307/ Usage: php exploitphp url login password php_command arguments [proxy]

CWE-502 https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1 https://aioseo.com/changelog/https://nvd.nist.gov https://github.com/darkpills/CVE-2021-24307-all-in-one-seo-pack-admin-rce

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-24307

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect