What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Prisna Social Counter social-counter allows Object Injection.This issue affects Social Counter: from n/a through <= 2.0.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in Prisna Social Counter social-counter allows Object Injection.This issue affects Social Counter: from n/a through <= 2.0.5.
Explanation of Vulnerability in Simple Terms
Social Counter versions up to 2.0.5 contain a deserialization vulnerability that allows authenticated administrators to execute arbitrary code on the site. An attacker with high-level admin access can craft malicious serialized data to trigger code execution. This affects confidentiality, integrity, and availability of the site.
What an attacker can do
Run arbitrary code on the site with full administrative privileges.
Potential impact on your site
A compromised admin account can fully compromise the site, steal data, modify content, or take the site offline.
Conditions required to exploit
Attacker must have high-level administrator access to the site.
Key dates
External resources
Related vulnerabilities