What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through <= 5.1.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Employee Spotlight versions 5.1.1 and earlier contain a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability requires specific network conditions to exploit but does not require user interaction. Attackers can read sensitive data, modify site content, or disrupt service availability.
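As an added illustration of the weakness class behind this advisory (CWE-502, deserialization of untrusted data), the snippet below shows the weak PHP pattern beside two hardened forms. It is not Employee Spotlight's own code: the page does not show the affected code path, so the function names, the request parameter, the option keys and the constructed sample payload are all assumptions.

```php
<?php
// Added example, not plugin code. Illustrates why unserialize() on request data
// leads to "object injection" and what the hardened alternatives look like.

// Weak pattern: PHP's unserialize() instantiates whichever class the payload names,
// so any class with side effects in __wakeup()/__destruct()/__toString() becomes
// reachable from an unauthenticated request. This is the CWE-502 shape.
function es_load_layout_unsafe( $raw ) {
    return unserialize( $raw ); // $raw is attacker-controlled: do not do this
}

// Hardened form 1: keep the serialized format but forbid object instantiation.
// With allowed_classes => false (PHP >= 7.0) every object in the payload comes back
// as __PHP_Incomplete_Class and no magic method runs. Then enforce the expected shape.
function es_load_layout_safe( $raw ) {
    $data = @unserialize( $raw, array( 'allowed_classes' => false ) );
    if ( ! is_array( $data ) ) {
        return array();
    }
    $allowed_keys = array( 'columns', 'order' ); // assumed layout keys
    return array_intersect_key( $data, array_flip( $allowed_keys ) );
}

// Hardened form 2 (preferred for new code): JSON has no class-instantiation semantics.
function es_load_layout_json( $raw ) {
    $data = json_decode( $raw, true );
    if ( ! is_array( $data ) ) {
        return array();
    }
    $allowed_keys = array( 'columns', 'order' );
    return array_intersect_key( $data, array_flip( $allowed_keys ) );
}

// How such a handler is usually wired in WordPress (assumed hook name). Guarded so the
// file also runs from the CLI without WordPress loaded.
if ( function_exists( 'add_action' ) ) {
    add_action( 'wp_ajax_nopriv_es_layout', function () {
        $raw = isset( $_POST['layout'] ) ? wp_unslash( $_POST['layout'] ) : '';
        wp_send_json( es_load_layout_safe( $raw ) );
    } );
}

// Constructed sample payload: an array carrying a harmless stdClass object, standing in
// for whatever class an attacker would name. stdClass has no side effects, so this only
// demonstrates the mechanism.
$sample = 'a:2:{s:7:"columns";i:3;s:3:"obj";O:8:"stdClass":0:{}}';

$unsafe = es_load_layout_unsafe( $sample );
echo 'unsafe: obj is ', get_class( $unsafe['obj'] ), PHP_EOL;   // stdClass: instantiated

$safe = es_load_layout_safe( $sample );
echo 'safe:   keys ', implode( ',', array_keys( $safe ) ), PHP_EOL; // columns only

$json = es_load_layout_json( '{"columns":3,"order":"asc","extra":1}' );
echo 'json:   keys ', implode( ',', array_keys( $json ) ), PHP_EOL; // columns,order
```

For triage on a site running an affected version, the same pattern is what to look for: `unserialize(` applied to anything that originates in a request, a cookie, or an uploaded file. Upgrading past 5.1.1 is the fix; the hardened forms above show what the corrected code should look like, not the vendor's patch.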
What an attacker can do
Execute arbitrary code on the server, read sensitive data, modify content, or crash the site.
Potential impact on your site
Complete compromise of the site: data theft, malware injection, or service disruption without warning.
Conditions required to exploit
Network access to the vulnerable application; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities