Deserialization of Untrusted Data Vulnerability Allows Object Injection in Namaste! LMS
CVE-2024-50408

8.8HIGH

Key Information:

Vendor: WordPress
Status: Namaste! Lms
Vendor: CVE Published:; 28 October 2024

Summary

A deserialization vulnerability exists in Namaste! LMS developed by Kiboko Labs, which permits object injection due to untrusted data handling. This issue can lead to potential exploitation by attackers who can manipulate the deserialization process, thereby compromising the integrity and security of the application. The affected versions include all variants up to 2.6.3, prompting users to prioritize updates and security measures to mitigate associated risks.

Affected Version(s)

Namaste! LMS <= 2.6.3

References

https://patchstack.com/database/vulnerability/namaste-lms...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

Mika (Patchstack Alliance)