Deserialization of Untrusted Data Vulnerability Affects Master Slider
CVE-2024-32600

9.6 CRITICAL

Key Information:

Vendor: Averta
CVE Published: 18 April 2024

What is CVE-2024-32600?

Averta Master Slider improperly handles untrusted data during deserialization. This flaw can lead to PHP object injection, which may allow attackers to exploit the web application by manipulating PHP objects. Master Slider versions up to and including 3.9.5 are affected. Users should apply the necessary security updates and patches to safeguard their applications against exploitation of this vulnerability.

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
