What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
Explanation of Vulnerability in Simple Terms
Töbel versions up to 1.8.1 contain a deserialization vulnerability that allows an attacker to execute arbitrary code on the site by sending a specially crafted network request. No authentication is required, but the attack requires specific conditions to succeed. Sites running affected versions should update immediately.
What an attacker can do
Run their own code on the site by sending a malicious request.
Potential impact on your site
Complete compromise of the site, including data theft, modification, and service disruption.
Conditions required to exploit
Network access to the site; specific attack conditions must be met (high complexity).
Key dates
External resources
Related vulnerabilities