Products
MotoPress Timetable and Event Schedule
- n/a - 2.4.13
Source
audit@patchstack.com
Tags
CVE-2024-39630 details
Published : Aug. 1, 2024, 9:15 p.m.
Last Modified : Aug. 1, 2024, 9:15 p.m.
Last Modified : Aug. 1, 2024, 9:15 p.m.
Description
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13.
CVSS Score
1 | 2 | 3 | 4 | 5.5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-502 | Deserialization of Untrusted Data | The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
5.5
Exploitability Score
1.3
Impact Score
3.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
References
This website uses the NVD API, but is not approved or certified by it.