CVE-2024-52427
EUVD-2024-4591218.11.2024, 15:15
Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vollstart | event_tickets_with_ticket_scanner | 𝑥 < 2.3.12 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| saso_nikolov | event_tickets_with_ticket_scanner | 𝑥 ≤ 2.3.11 | ADP |
Common Weakness Enumeration
- CWE-82 - Improper Neutralization of Script in Attributes of IMG Tags in a Web PageThe web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.