CVE-2021-29654
HIGH
AjaxSearchPro < 4.20.8 - Remote Code Execution via Database Import Deserialization
Title source: llmDescription
AjaxSearchPro before 4.20.8 allows deserialization of untrusted data in the import database feature of the administration panel, leading to remote code execution.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.synacktiv.com/sites/default/files/2021-04/WP_AjaxSearchPro_Vulnerability.pdf
Scores
CVSS v3
7.2
EPSS
0.0221
EPSS Percentile
80.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
stackpath/ajaxsearchpro
< 4.20.8
Published
Apr 14, 2021
Tracked Since
Feb 18, 2026