PT-2024-32844 · Admidio · Admidio
Kakashi1234 · Published 2024-10-16 · Updated 2025-02-21 · CVE-2024-47836
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Admidio versions prior to 4.3.12
Description
An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. This issue can lead to various impacts, including data theft, session hijacking, phishing, website defacement, malware distribution, and denial of service (DoS). The vulnerability can be exploited by sending a malicious payload to the server.
Recommendations
For versions prior to 4.3.12, update to version 4.3.12, which fixes the issue. If updating is not immediately possible, restrict access to the deserialization functionality as a temporary workaround, and avoid using the vulnerable deserialization feature in the affected API endpoints until the update is applied.
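To make the vulnerability class in the description and the mitigation in the recommendations concrete, here is an added PHP illustration (not Admidio's code, and not the actual vulnerable endpoint): the unsafe pattern of deserializing caller-controlled input next to two hardened alternatives. Function names and the sample payload are constructed for this example.

```php
<?php
// Added illustration, not Admidio's code. Function names are assumptions.

// Vulnerable pattern: unserialize() on input the caller controls lets the sender
// choose which classes are instantiated, so any class with __wakeup()/__destruct()
// side effects in the autoload path becomes reachable from the network.
function loadStateUnsafe(string $raw): mixed
{
    return unserialize($raw); // no class restriction, no depth limit
}

// Hardened: forbid object instantiation entirely. Scalars and arrays still round-trip;
// objects in the payload become __PHP_Incomplete_Class and run no magic methods.
function loadStateSafe(string $raw): mixed
{
    $value = unserialize($raw, ['allowed_classes' => false, 'max_depth' => 16]);
    // unserialize() returns false both for malformed input and for serialize(false),
    // so distinguish the two before treating the result as an error.
    if ($value === false && $raw !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized state');
    }
    return $value;
}

// Preferable where the data is plain state: a format with no object semantics at all.
function loadStateJson(string $raw): array
{
    $value = json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a JSON object');
    }
    return $value;
}

// Constructed sample: a serialized object whose class name the sender picked.
$sample = 'O:8:"SomeType":1:{s:4:"name";s:5:"admin";}';
$obj = loadStateSafe($sample);
var_dump($obj instanceof __PHP_Incomplete_Class);
var_dump(loadStateJson('{"name":"admin"}'));
```

Removing the object-instantiation capability is what closes the class of bug; restricting who can reach the endpoint, as the workaround above suggests, only narrows the population of senders.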
Categories: Deserialization of Untrusted Data, XSS
Related Identifiers: CVE-2024-47836
Affected Products: Admidio