What the vulnerability does
01Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through < 7.8.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through < 7.8.5.
Explanation of Vulnerability in Simple Terms
Beplusthemes Alone versions up to 7.8.5 contain a code injection vulnerability that allows attackers to inject and execute arbitrary code. The vulnerability requires specific conditions to exploit but can affect confidentiality, integrity, and availability. Site administrators should update to a version newer than 7.8.5 as soon as possible.
What an attacker can do
Inject and execute arbitrary code on the site under specific conditions.
Potential impact on your site
Attackers could read sensitive data, modify site content, or disrupt site availability if they successfully exploit the injection flaw.
Conditions required to exploit
Network access; no authentication required, but attack complexity is high.
Key dates
External resources
Related vulnerabilities