devsamuelsantiago/lagom-prototype-pollution-poc

The Lagom WHMCS Template version 2.3.7 bundles an outdated version of the `datatables.net` JavaScript library (prior to version 1.10.23). This outdated version contains a prototype pollution vulnerability that exposes the internal function `_fnSetObjectDataFn` through `jQuery.fn.dataTable.ext.internal._fnSetObjectDataFn`.
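
A way to check a deployed page for the condition described above, as an added example (not code from the PoC repository or from DataTables): it reads `jQuery.fn.dataTable.version`, compares it numerically with the 1.10.23 threshold, and reports whether `_fnSetObjectDataFn` is reachable under `ext.internal`. The helper names and the constructed stand-in objects are assumptions of this example.

```javascript
// Added example, not from the PoC repository. FIXED_IN is the threshold the page states.
const FIXED_IN = "1.10.23";

// Turn "1.10.9" or "1.10.21-dev" into [1, 10, 9] / [1, 10, 21]; suffixes are ignored.
function parseVersion(v) {
  return String(v).split(".").map((part) => {
    const n = parseInt(part, 10);
    return Number.isNaN(n) ? 0 : n;
  });
}

// Segment-wise numeric comparison: negative if a < b, 0 if equal, positive if a > b.
// A plain string comparison would wrongly rank "1.10.9" above "1.10.23".
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// jq is the page's jQuery object (window.jQuery when run in a browser console).
function auditDataTables(jq) {
  const dt = jq && jq.fn && jq.fn.dataTable;
  if (!dt) {
    return { present: false, version: null, outdated: false, internalSetterExposed: false };
  }
  const version = typeof dt.version === "string" ? dt.version : null;
  const internal = dt.ext && dt.ext.internal;
  return {
    present: true,
    version,
    // An unreadable version is flagged as outdated so it gets reviewed by hand.
    outdated: version === null || compareVersions(version, FIXED_IN) < 0,
    internalSetterExposed: !!internal && typeof internal._fnSetObjectDataFn === "function",
  };
}

// Constructed stand-ins for a page's jQuery object; their shape is illustrative
// and not copied from any real DataTables release.
const constructedOld = { fn: { dataTable: { version: "1.10.9", ext: { internal: { _fnSetObjectDataFn() {} } } } } };
const constructedNew = { fn: { dataTable: { version: "1.10.23", ext: { internal: {} } } } };
console.log(auditDataTables(constructedOld), auditDataTables(constructedNew));
```

In a browser console on a page that uses the template, call `auditDataTables(window.jQuery)`; an `outdated: true` result means the bundled library predates the version named above.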

CVE History

| CVE | Published | CVSS v3 | CVSS v2 |
| --- | --- | --- | --- |
|  |  | 3.5 LOW | 4 MEDIUM |

A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.