What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through <= 1.2.1.
Explanation of Vulnerability in Simple Terms
02Summary
The PHP/MySQL CPU performance statistics tool versions 1.2.1 and earlier contain a deserialization vulnerability that allows unauthenticated attackers to run arbitrary PHP code on the server. The vulnerability requires no user interaction and can be exploited over the network. An attacker can gain complete control of the affected system, including reading sensitive data, modifying files, and disrupting service.
What an attacker can do
03Attacker Capabilities
Run arbitrary PHP code on the server without authentication, gaining full control of the system.
Potential impact on your site
04Site Impact
Complete server compromise: attackers can read all data, modify files, install malware, or take the site offline.
Conditions required to exploit
05Prerequisites
Network access to the vulnerable application. No authentication or user interaction required.
Key dates
06Disclosure timeline
March 28, 2025
CVE published
April 28, 2026
Record updated