What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2.
Explanation of Vulnerability in Simple Terms
Aitasi Coming Soon versions up to 2.0.2 contain a deserialization vulnerability that allows authenticated administrators to execute arbitrary PHP code on the site. An attacker with high-level admin access can craft malicious serialized data to trigger code execution. This affects confidentiality, integrity, and availability of the site.
What an attacker can do
Run arbitrary PHP code on the site with full admin privileges.
Potential impact on your site
A compromised admin account can fully compromise the site, steal data, modify content, or take the site offline.
Conditions required to exploit
Attacker must have high-level administrator access to the site.
Key dates
External resources
Related vulnerabilities