Deserialization of Untrusted Data in Lis Video Gallery by Lis
CVE-2024-52430

9.8CRITICAL

Key Information:

Vendor
Lis
Status
Video Gallery
Vendor
CVE Published:
18 November 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 29%

Summary

The Lis Video Gallery plugin is susceptible to a deserialization of untrusted data vulnerability, which allows attackers to perform object injection. This exploit could allow unauthorized manipulation of the application state, potentially leading to severe consequences such as remote code execution or data manipulation. The affected versions extend from n/a up to 0.2.1. It is crucial for users of the Lis Video Gallery plugin to mitigate this vulnerability by updating to the latest version or applying appropriate security measures.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.