What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection. This issue affects GSheets Connector: from n/a through <= 1.1.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
GSheets Connector versions 1.1.1 and earlier contain a deserialization vulnerability that allows authenticated administrators to execute arbitrary code on the site. An attacker with high-level privileges can craft malicious serialized data that, when processed by the plugin, runs their own PHP code. This requires administrative access to exploit.
What an attacker can do
Run arbitrary code on the site with the privileges of the web server.
Potential impact on your site
A compromised admin account can lead to full site takeover, data theft, or malware installation.
Conditions required to exploit
Attacker must have high-level administrative access to the site.