PT-2021-18386 · Unknown · Ajax Search Pro

Published: 2021-04-14 · Updated: 2021-04-21 · CVE-2021-29654

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ajax Search Pro versions prior to 4.20.8

Description

The issue allows deserialization of untrusted data, which can lead to remote code execution. This is specifically related to the import database feature in the administration panel.

Recommendations

For versions prior to 4.20.8, update to version 4.20.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the import database feature in the administration panel until the update is applied.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2021-29654

Affected Products

Ajax Search Pro