What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection.This issue affects CBX Poll: from n/a through <= 2.0.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection.This issue affects CBX Poll: from n/a through <= 2.0.4.
Explanation of Vulnerability in Simple Terms
CBX Poll versions 2.0.4 and earlier contain a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code on the site. The vulnerability exists because the plugin deserializes untrusted data without proper validation. An attacker can exploit this remotely over the network without requiring authentication or user interaction.
What an attacker can do
Run their own code on the site with full privileges (remote code execution).
Potential impact on your site
Complete site compromise: attackers can steal data, modify content, create admin accounts, or take the site offline.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources