7.2
CVE-2021-29654
- EPSS 2.21%
- Veröffentlicht 14.04.2021 18:15:14
- Zuletzt bearbeitet 21.11.2024 06:01:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stackpath ≫ Ajaxsearchpro SwPlatformwordpress Version < 4.20.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.21% | 0.802 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://www.synacktiv.com/sites/default/files/2021-04/WP_AjaxSearchPro_Vulnerability.pdf