What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.
Explanation of Vulnerability in Simple Terms
Askka versions up to 1.3.1 contain a deserialization vulnerability that allows an attacker to execute arbitrary code on the site by sending a specially crafted network request. No authentication is required, but the attack requires specific conditions to succeed. Sites running affected versions should update immediately.
What an attacker can do
Run their own code on the site without authentication.
Potential impact on your site
Complete compromise of the site, including data theft, malware injection, and site takeover.
Conditions required to exploit
Network access to the site; specific attack conditions must be met (high complexity).
Key dates
External resources
Related vulnerabilities