What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection. This issue affects Add Custom Codes: from n/a through <= 4.80.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Add Custom Codes versions 4.80 and earlier contain a code injection vulnerability. An authenticated user with low privileges can inject and execute arbitrary code on the site by exploiting insufficient input validation. The attack requires network access but no user interaction. Successful exploitation grants full control over site data and functionality.
What an attacker can do
Run arbitrary code on the site with the privileges of the web server process.
Potential impact on your site
A compromised site can have its data stolen, modified, or deleted; have malware injected; or be used to attack visitors.
Conditions required to exploit
The attacker must have a low-privilege authenticated account and network access to the site.