Deserialization of Untrusted Data in Lis Video Gallery by Lis
CVE-2024-52430
Key Information:
- Vendor
- Lis
- Status
- Video Gallery
- Vendor
- CVE Published:
- 18 November 2024
Badges
Summary
The Lis Video Gallery plugin is susceptible to a deserialization of untrusted data vulnerability, which allows attackers to perform object injection. This exploit could allow unauthorized manipulation of the application state, potentially leading to severe consequences such as remote code execution or data manipulation. The affected versions extend from n/a up to 0.2.1. It is crucial for users of the Lis Video Gallery plugin to mitigate this vulnerability by updating to the latest version or applying appropriate security measures.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
29% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published