CVE-2024-11145 CRITICAL

CVE-2024-11145: Easy Folder Listing Pro deserialization vulnerability

Vendor Valor Apps
Product Easy Folder Listing Pro
Weakness CWE-502 · Unsafe deserialization
Published November 26, 2024
Last update November 26, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
November 26, 2024 Record updated