What the vulnerability does
01Description
Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions.
Explanation of Vulnerability in Simple Terms
Paid Videochat Turnkey Site versions up to 7.3.23 contain a deserialization vulnerability that allows an attacker to execute arbitrary code on the server. The vulnerability requires high attack complexity but no authentication or user interaction. An attacker can exploit this by sending a specially crafted request to deserialize malicious data, leading to remote code execution.
What an attacker can do
Run their own code on the server and take full control of the site.
Potential impact on your site
Complete compromise of the site, including data theft, malware installation, and service disruption.
Conditions required to exploit
Network access to the vulnerable application; no authentication required.
Key dates
External resources
Related vulnerabilities