{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11145","assignerOrgId":"9119a7d8-5eab-497f-8521-727c672e3725","state":"PUBLISHED","assignerShortName":"cisa-cg","dateReserved":"2024-11-12T15:38:38.803Z","datePublished":"2024-11-26T19:17:44.520Z","dateUpdated":"2024-11-26T19:39:10.277Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5."}],"affected":[{"vendor":"Valor Apps","product":"Easy Folder Listing Pro","defaultStatus":"unknown","versions":[{"version":"3.7","status":"affected","lessThan":"3.8","versionType":"custom"},{"version":"3.8","status":"unaffected"},{"version":"4.4","status":"affected","lessThan":"4.5","versionType":"custom"},{"version":"4.5","status":"unaffected"}]}],"problemTypes":[{"descriptions":[{"description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE","cweId":"CWE-502"}]}],"metrics":[{"cvssV3_1":{"baseScore":9.8,"baseSeverity":"CRITICAL","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"format":"CVSS"},{"cvssV4_0":{"baseScore":9.3,"baseSeverity":"CRITICAL","version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},"format":"CVSS"}],"title":"Easy Folder Listing Pro deserialization vulnerability","references":[{"name":"url","url":"https://www.valorapps.com/web-products/easy-folder-listing-pro.html"},{"name":"url","url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/IT/white/2024/va-24-331-01.json"}],"datePublic":"2024-11-11T00:00:00.000Z","providerMetadata":{"orgId":"9119a7d8-5eab-497f-8521-727c672e3725","shortName":"cisa-cg","dateUpdated":"2024-11-26T19:17:44.520Z"}},"adp":[{"affected":[{"vendor":"valor_apps","product":"easy_folder_listing_pro","cpes":["cpe:2.3:a:valor_apps:easy_folder_listing_pro:3.7:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.7","status":"affected","lessThan":"3.8","versionType":"custom"}]},{"vendor":"valor_apps","product":"easy_folder_listing_pro","cpes":["cpe:2.3:a:valor_apps:easy_folder_listing_pro:4.4:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.4","status":"affected","lessThan":"4.5","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-26T19:36:56.526469Z","id":"CVE-2024-11145","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-26T19:39:10.277Z"}}]}}