What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection. This issue affects Insurance: from n/a through <= 3.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Versions 3.5 and earlier of the Insurance product by DesignThemes contain a deserialization vulnerability in how they process untrusted data. An authenticated attacker can exploit this to read sensitive site data, modify content, or disrupt service availability. No user interaction is required. Update to a version newer than 3.5 immediately.
What an attacker can do
Read sensitive data, modify site content, or crash the site by sending malicious serialized data.
Potential impact on your site
Any authenticated user can compromise site confidentiality, integrity, and availability without additional interaction.
Conditions required to exploit
The attacker must have a valid user account with low-level privileges and network access to the site.