CVE-2021-21956

Name of the Vulnerable Software and Affected Versions Imunify360 version 5.10.2

Description A php unserialize vulnerability exists in the Ai-Bolit functionality, allowing potential arbitrary command execution through a specially-crafted malformed file. An attacker can provide a malicious file to trigger this issue, which is related to deficiencies in the deserialization mechanism. This can enable a remote attacker to execute arbitrary commands using a specially created malicious file.

Recommendations For Imunify360 version 5.10.2, consider disabling the Ai-Bolit functionality until a patch is available to prevent potential exploitation. Restrict access to the scanning functionality to minimize the risk of arbitrary command execution. Avoid using potentially malicious files with the Ai-Bolit functionality until the issue is resolved.