CVE-2024-5932

This is a functional exploit for CVE-2024-5932, targeting an unauthenticated PHP Object Injection vulnerability in GiveWP. The PoC constructs a malicious serialized payload to achieve remote code execution via deserialization.

This repository contains a functional Python exploit script and a PHP payload for CVE-2024-8353, which targets a PHP Object Injection vulnerability in the GiveWP WordPress plugin (versions up to 3.16.1). The exploit automates the process of identifying vulnerable forms, retrieving nonces, and delivering payloads to achieve remote code execution.

The repository contains only a README.md with images, suggesting it is a writeup or documentation for CVE-2024-5932. No exploit code or technical details are provided.

This repository contains a Python-based exploit for CVE-2024-5932, targeting an unauthenticated PHP Object Injection vulnerability in the GiveWP WordPress plugin. The exploit leverages a crafted payload to achieve remote code execution (RCE) via deserialization of the 'give_title' parameter.

This PoC exploits a PHP object injection vulnerability in WordPress GiveWP plugin (CVE-2024-5932) to achieve remote code execution via a crafted serialized payload. It automates the extraction of required form IDs and nonces, then triggers the exploit via a donation form submission.

This repository contains a Flask-based web UI for interacting with Llama models, demonstrating CVE-2024-5932. The exploit allows arbitrary model uploads and potential RCE via model file manipulation.

This repository contains a functional Python exploit script and a PHP payload for CVE-2024-8353, which targets a PHP Object Injection vulnerability in the GiveWP WordPress plugin (versions up to 3.16.1). The exploit automates the process of identifying vulnerable forms, retrieving nonces, and delivering payloads to achieve remote code execution.

This Metasploit module exploits an unauthenticated PHP Object Injection vulnerability in GiveWP (CVE-2024-8353), leading to remote code execution. It bypasses an incomplete patch by leveraging deserialization in the donation processing workflow.