What the vulnerability does
Description
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Five Star Business Profile and Schema versions up to 2.3.19 contain a code injection vulnerability that allows high-privilege users to execute arbitrary PHP code on the site. An attacker with administrative or equivalent access can inject malicious code through unvalidated input, compromising the entire site. The vulnerability affects the confidentiality, integrity, and availability of the affected system.
What an attacker can do
Run arbitrary PHP code on the site with full system privileges.
Potential impact on your site
A compromised admin account can execute code, steal data, modify content, or take the site offline.
Conditions required to exploit
Attacker must have high-level administrative access to the site.