What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection. This issue affects Content Egg: from n/a through <= 7.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Content Egg versions up to 7.0.0 contain a deserialization vulnerability that allows highly privileged users to execute arbitrary code on the site. An attacker with administrative access can craft malicious serialized data to trigger code execution. This affects the integrity and availability of the entire site.
What an attacker can do
Run arbitrary code on the site with full administrative privileges.
Potential impact on your site
A compromised admin account can execute code, modify data, and disable the site entirely.
Conditions required to exploit
Attacker must have high-level administrative access to the Content Egg installation.