CVE Catalog

CVE-2026-57621

Critical · CVSS 9.8

Summary

Booktics plugin versions 1.0.21 and earlier contain an unauthenticated PHP Object Injection vulnerability. A remote attacker can inject a malicious PHP object without authentication.

Risk Assessment

The risk includes remote code execution, which can lead to full server compromise, data theft, or further attack propagation within the organization's network.

Recommendation

Immediately update the Booktics plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS