Objective: [[Gain Unauthorized Administrative Access]]
[[Gain Unauthorized Administrative Access]]
/
/
[[Exploit Plugin]] [Exploit Core Functionality]
[Vulnerabilities]] |
| |
|
| [Exploit Deserialization Vulnerabilities]
| |
| |
[[Known Plugin]] [Unsafe Use of ObjectDataProvider]
[[Vulnerability]]
|
|
[[Unpatched Plugin]]
[[Vulnerability]]
|
|
/
/
[Abuse nopCommerce Features]
|
|
[Misconfigured Permissions]
Attack Tree Path: Path 1: Exploit Known Plugin Vulnerability
[[Gain Unauthorized Administrative Access]] -> [[Exploit Plugin Vulnerabilities]] -> [[Known Plugin Vulnerability]]
Attack Tree Path: Path 2: Exploit Unpatched Plugin Vulnerability
[[Gain Unauthorized Administrative Access]] -> [[Exploit Plugin Vulnerabilities]] -> [[Unpatched Plugin Vulnerability]]
Attack Tree Path: Path 3: Exploit Deserialization Vulnerability
[[Gain Unauthorized Administrative Access]] -> [Exploit Core Functionality] -> [Exploit Deserialization Vulnerabilities] -> [Unsafe Use of ObjectDataProvider]
Attack Tree Path: Path 4: Abuse Misconfigured Permissions
[[Gain Unauthorized Administrative Access]] -> [Abuse nopCommerce Features] -> [Misconfigured Permissions]