What the vulnerability does
01Description
Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Control of Generation of Code ('Code Injection') vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through <= 3.0.0.266.
Explanation of Vulnerability in Simple Terms
Javo Core versions up to 3.0.0.266 contain a code injection vulnerability that allows an attacker to inject and execute arbitrary code through network requests. The attack requires specific conditions to be met but does not require authentication or user interaction. Successful exploitation can compromise confidentiality, integrity, and availability of the affected system.
What an attacker can do
Inject and execute arbitrary code on the site without authentication.
Potential impact on your site
An attacker could run malicious code, steal data, modify content, or disrupt site operations.
Conditions required to exploit
Network access; specific attack conditions must be met (high complexity).
Key dates
External resources
Related vulnerabilities