First published: Tue Jan 21 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Reputeinfosystems Arprice | <=4.0.3 | |
WordPress ARPrice | <=4.0.3 | |
CVE-2024-49699 is classified as a critical vulnerability due to its potential for object injection attacks.
CVE-2024-49699 allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution.
To fix CVE-2024-49699, you should upgrade NotFound ARPrice to version 4.0.4 or later to patch the vulnerability.
CVE-2024-49699 affects all versions of ARPrice from n/a through 4.0.3.
If updating is not an option, mitigate CVE-2024-49699 by reviewing and sanitizing user inputs to prevent untrusted data from being processed.