What the vulnerability does
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection. This issue affects Boldermail: from n/a through <= 2.4.0.
CVSS base score
8.8 (High)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Boldermail versions up to 2.4.0 contain a deserialization vulnerability that allows authenticated attackers to execute arbitrary code on the server. The flaw lies in how the application processes untrusted serialized data without validating it first, so a crafted payload can inject objects into the application (object injection). An attacker with a low-privilege account can craft such input to trigger code execution with full system privileges.
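The page does not identify the exact code path in Boldermail, so the following is a generic illustration of the pattern behind this class of bug, added here as example code rather than the plugin's own: a handler that feeds request data straight into PHP's unserialize() next to two hardened replacements. The function names, the settings payload and the sample inputs are hypothetical.

```php
<?php
// Added illustration, not Boldermail's code. Function names, payload shape
// and sample inputs are constructed for this example. Requires PHP >= 7.2
// (is_object() returns true for __PHP_Incomplete_Class from 7.2 on).

// Weak: whatever class the (authenticated) caller names in the payload is
// instantiated, and its __wakeup()/__destruct() magic methods run during
// unserialize(). This is the "Deserialization of Untrusted Data" pattern.
function load_campaign_settings_weak(string $raw): array {
    $data = unserialize($raw);
    return is_array($data) ? $data : [];
}

// Hardened: forbid object instantiation entirely. Any object in the payload
// becomes __PHP_Incomplete_Class, whose magic methods never execute.
function load_campaign_settings_safe(string $raw): array {
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    // Belt and braces: refuse the payload outright if any object survived,
    // rather than silently carrying an incomplete object around.
    array_walk_recursive($data, function ($v) {
        if (is_object($v)) {
            throw new InvalidArgumentException('objects are not allowed in settings');
        }
    });
    return $data;
}

// Better still: do not use PHP's native serialization for untrusted input.
// JSON cannot express objects of arbitrary classes, only arrays and scalars.
function load_campaign_settings_json(string $raw): array {
    $data = json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : [];
}

// Constructed sample inputs: a benign settings array and one that smuggles
// an object (stdClass stands in for whatever class an attacker would name).
$benign     = serialize(['subject' => 'Newsletter', 'batch' => 50]);
$withObject = 'a:1:{s:4:"hook";O:8:"stdClass":1:{s:4:"note";s:4:"demo";}}';
$asJson     = json_encode(['subject' => 'Newsletter', 'batch' => 50]);

var_dump(load_campaign_settings_weak($withObject)['hook'] instanceof stdClass); // bool(true): object was instantiated
var_dump(count(load_campaign_settings_safe($benign)));                           // int(2): plain arrays still work
try {
    load_campaign_settings_safe($withObject);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;                                                // objects are not allowed in settings
}
var_dump(load_campaign_settings_json($asJson)['batch']);                           // int(50)
```

The `allowed_classes` option is the minimal fix when a serialized format cannot be changed; switching the storage format to JSON removes the object-injection surface altogether. When reviewing a plugin, look for every `unserialize()` (and WordPress's `maybe_unserialize()`, which wraps it) whose input can be influenced by a request, a database row a low-privilege user can write, or an imported file.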
What an attacker can do
Run arbitrary code on the server with full system access.
Potential impact on your site
Complete compromise of the server; attacker can read, modify, or delete all data and install backdoors.
Conditions required to exploit
The attacker must hold a valid low-privilege account on the application.
Key dates
External resources