What the vulnerability does
01Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through <= 7.8.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
What the vulnerability does
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through <= 7.8.2.
Explanation of Vulnerability in Simple Terms
Beplusthemes Alone versions up to 7.8.2 contain a code injection vulnerability that allows unauthenticated attackers to inject and execute arbitrary code through the application. The vulnerability requires no user interaction and can be exploited over the network. An attacker can leverage this to compromise site functionality, modify content, or gain further access to the system.
What an attacker can do
Inject and execute arbitrary code on the site without authentication.
Potential impact on your site
Attackers can run malicious code on your site, modify content, steal data, or take full control of the installation.
Conditions required to exploit
Network access to the vulnerable application; no authentication or user interaction required.
Key dates
External resources