What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through <= 7.8.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Alone versions 7.8.3 and earlier contain a code injection vulnerability that allows unauthenticated attackers to run arbitrary code on the site without user interaction. The vulnerability stems from insufficient input validation in the product. An attacker can exploit this remotely over the network to gain full control of the affected site, including reading sensitive data, modifying content, and disrupting service.
What an attacker can do
Run arbitrary code on the site and gain full control without authentication.
Potential impact on your site
Complete site compromise: attackers can steal data, modify content, install malware, or take the site offline.
Conditions required to exploit
Network access only; no authentication or user interaction required.