Elunez Eladmin Deserialization Vulnerability in Maintenance Management Module

Vulnerability

A deserialization vulnerability has been identified in Elunez Eladmin version 2.7, specifically within the Maintenance Management Module. The issue affects the '/api/database/testConnect' endpoint, where untrusted data is deserialized without proper validation, potentially leading to unauthorized data manipulation. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary file reading on the server, which could lead to unauthorized information disclosure.

Reproduction

To reproduce this vulnerability, access the '/api/database/testConnect' endpoint with a crafted input that exploits the deserialization flaw. This can be done remotely, and the available proof-of-concept exploit may be used as a reference.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.