CVE-2024-52430
9.8 CRITICAL
Key Information
- Vendor
- Lis
- Status
- Video Gallery
- Vendor
- CVE Published:
- 18 November 2024
Badges
Exploit Exists · Public PoC
Summary
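Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection. This issue affects Lis Video Gallery: from n/a through 0.2.1. The record below classifies the flaw as CWE-502, identifies the product as a WordPress plugin (CPE target and reference URL), and lists no patched version (patched_versions: null), so every release up to and including 0.2.1 should be treated as affected until a fixed release is confirmed.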
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware, so the availability of a public PoC raises the urgency of remediating affected installations.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
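- Public PoC available: 2024-11-25 (poc_date in the record below)
- Exploit known to exist: 2024-11-25 (exploited_date in the record below)
- Vulnerability published: 2024-11-18 (meta_published in the record below)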
Collectors
NVD Database · 1 Proof of Concept(s)
CVE: CVE-2024-52430
Vulnerability
{}
id:"fb7adde4-ab6c-467a-8ce5-fe9b18d48b28",
cve_id:"CVE-2024-52430",
zdi_id:null,
ghsa_id:null,
collector_nvd:true,
collector_mitre:false,
vendor_id:"lis",
vendor:"Lis",
vendors:[],
"Lis"
vendor_derived:false,
vendor_matched:false,
vendor_advisory:null,
products:[],
"Video Gallery"
affected_versions:null,
patched_versions:null,
problem_type:[],
"CWE-502"
brand:null,
brand_url:null,
title_generated:null,
title_mitre:null,
description_generated:null,
description_generated_date:null,
description_generated_regenerate:false,
description_cisa:null,
description_vendor:null,
description_nvd:"Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through 0.2.1.",
description_mitre:null,
solution_mitre:null,
cisa_matched:false,
cisa_vendorproject:null,
cisa_product:null,
cisa_vulnerabilityname:null,
cisa_dateadded:null,
cisa_requiredaction:null,
cisa_knownransomwarecampaignuse:false,
ransomware:false,
ransomware_date:null,
trended:false,
trended_date:null,
trended_no_1:false,
trended_no_1_date:null,
exploited:true,
exploited_date:2024-11-25T22:55:39.000Z,
article_mainstream:false,
article_mainstream_date:null,
timeline:{},
history:[]
reference:[],
{}
url:"https://patchstack.com/database/vulnerability/lis-video-gallery/wordpress-lis-video-gallery-plugin-0-2-1-php-object-injection-vulnerability?_s_id=cve",
name:"https://patchstack.com/database/vulnerability/lis-video-gallery/wordpress-lis-video-gallery-plugin-0-2-1-php-object-injection-vulnerability?_s_id=cve",
refsource:"",
tags:[]
configurations:{},
CVE_data_version:"4.0",
nodes:[]
{}
operator:"OR",
children:[],
cpe_match:[]
{}
vulnerable:true,
cpe23Uri:"cpe:2.3:a:lis:video_gallery:*:*:*:*:*:wordpress:*:*",
versionEndIncluding:"0.2.1",
cpe_name:[]
affected:null,
credits:null,
impact_cvssv3_vector_string:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
impact_cvssv3_base_score:9.8,
impact_cvssv3_base_severity:"CRITICAL",
meta_status:"RESERVED",
meta_trending:false,
meta_trending_position:0,
meta_trending_stats:{},
meta_trending_history:{},
history:[]
meta_published:2024-11-18T15:15:00.000Z,
meta_updated:2024-11-18T17:11:00.000Z,
meta_reserved:null,
meta_modified:2024-12-11T07:30:39.000Z,
title_vendor:null,
solution_vendor:null,
vendor_info:null,
cisa_focus:false,
poc:true,
poc_date:2024-11-25T22:55:39.000Z,
meta_published_month:11,
meta_published_year:2024,
meta_published_doy:323,
epss_current:0.001060000038705766,
epss_previous:0.001060000038705766,
epss_change:0,
epss_percentile:0.4415099918842316,
meta_keywords:null,
description_meta:null,
highest_score:0,
impact_severity:"CRITICAL",
impact_nvd_cvssv3_1_vector_string:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
impact_nvd_cvssv3_1_base_severity:"CRITICAL",
impact_cisa_cvssv3_1_vector_string:null,
impact_cisa_cvssv3_1_base_severity:null,
impact_vendor_cvssv3_1_vector_string:null,
impact_vendor_cvssv3_1_base_score:null,
impact_vendor_cvssv3_1_base_severity:null,
impact_nvd_cvssv4_vector_string:null,
impact_nvd_cvssv4_base_score:null,
impact_nvd_cvssv4_base_severity:null,
impact_cisa_cvssv4_vector_string:null,
impact_cisa_cvssv4_base_score:null,
impact_cisa_cvssv4_base_severity:null,
impact_vendor_cvssv4_vector_string:null,
impact_vendor_cvssv4_base_score:null,
impact_vendor_cvssv4_base_severity:null,
impact_nvd_cvssv3_1_base_score:9.8,
impact_cisa_cvssv3_1_base_score:null,
impact_score:9.8,
cvss:{}
attackVector:"Network",
attackComplexity:"Low",
privilegesRequired:"None",
userInteraction:"None",
scope:"Unchanged",
confidentialityImpact:"High",
integrityImpact:"High",
availabilityImpact:"High",
exploitability:"",
remediationLevel:"",
reportConfidence:""