What the vulnerability does
01Description
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
Explanation of Vulnerability in Simple Terms
Modula Image Gallery versions up to 2.14.18 contain a deserialization vulnerability in how the plugin processes untrusted data. An authenticated administrator can craft malicious input that causes the plugin to deserialize and execute arbitrary code on the site. This requires high-level admin access but can lead to full site compromise.
What an attacker can do
Run arbitrary code on the site with full administrative privileges.
Potential impact on your site
A compromised admin account can take over your entire WordPress installation and access all data.
Conditions required to exploit
Attacker must have WordPress administrator account access.
Key dates
External resources
Related vulnerabilities