CVE-2026-4239
Published
CVSS v3
3.5
LOW
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
The Lagom WHMCS Template version 2.3.7 bundles an outdated version of the `datatables.net` JavaScript library (prior to version 1.10.23). This outdated version contains a prototype pollution vulnerability that exposes the internal function `_fnSetObjectDataFn` through `jQuery.fn.dataTable.ext.internal._fnSetObjectDataFn`.
GitHub