What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.
Explanation of Vulnerability in Simple Terms
ThemeGoods Photography contains a deserialization vulnerability that allows authenticated attackers to execute arbitrary code on the site. The flaw exists in how the product processes untrusted serialized data. An attacker with low-level access can craft malicious input to trigger code execution, potentially compromising the entire site. Update to a version newer than 7.5.2.
What an attacker can do
Run arbitrary code on the site with the privileges of the web server.
Potential impact on your site
Complete site compromise, data theft, malware injection, and loss of control over the site.
Conditions required to exploit
Attacker must have a low-privilege account or authenticated session on the site.
Key dates
External resources
Related vulnerabilities