What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
Explanation of Vulnerability in Simple Terms
Aperitif versions up to 1.6 contain a deserialization vulnerability that allows attackers to execute arbitrary code on affected sites. The vulnerability requires network access and high attack complexity but no authentication. An attacker can craft malicious serialized data to trigger code execution during deserialization. Sites running Aperitif 1.6 or earlier should update immediately.
What an attacker can do
Run arbitrary code on the site without authentication.
Potential impact on your site
Complete site compromise: data theft, malware injection, or site takeover possible.
Conditions required to exploit
Network access; attacker must craft and deliver malicious serialized data (high attack complexity).
Key dates
External resources
Related vulnerabilities