Platform
php
Component
lagom-prototype-pollution-poc
Fixed in
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
CVE-2026-4239 describes a prototype pollution vulnerability affecting Lagom WHMCS Template versions 2.3.0 through 2.3.7. This flaw allows attackers to manipulate object prototype attributes, potentially leading to unexpected application behavior. A public exploit is available, increasing the risk of exploitation. While the CVSS score is LOW, prompt action is advised to mitigate potential impact.
Prototype pollution occurs when an attacker can inject properties into the prototype of a JavaScript object. In the context of Lagom WHMCS Template, this could allow an attacker to modify the behavior of existing functions or introduce new, malicious functionality. While the immediate impact might be limited, successful exploitation could lead to data corruption, denial of service, or even remote code execution depending on how the application utilizes the polluted prototype. The public availability of an exploit significantly increases the likelihood of exploitation, particularly if the template is widely deployed without immediate patching.
This vulnerability was publicly disclosed on 2026-03-16. The existence of a public proof-of-concept (POC) indicates a relatively low barrier to entry for attackers. The vendor was contacted but did not respond, suggesting a potential lack of active maintenance for the Lagom WHMCS Template. The CVSS score of 3.5 reflects the LOW severity, but the public exploit and lack of vendor response warrant immediate attention.
Organizations using Lagom WHMCS Template versions 2.3.0 through 2.3.7, particularly those hosting their WHMCS installations on shared hosting environments, are at increased risk. Environments with limited security monitoring or input validation practices are also more vulnerable.
• php / web:
find /var/www/html -name 'datatables.js' -print0 | xargs -0 grep -i 'Object.prototype.'
• generic web:
curl -I https://your-lagom-template-url/ | grep -i 'Content-Type: application/javascript'
Disclosure
Exploit Status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-4239 is to upgrade Lagom WHMCS Template to a version that addresses the vulnerability. As no fixed version is specified, consult the vendor's website or repository for the latest release. If upgrading is not immediately feasible, consider implementing input validation and sanitization to prevent malicious data from reaching the Datatables component. Web application firewalls (WAFs) configured to detect prototype pollution attempts can provide an additional layer of defense. Monitor application logs for unusual object property modifications.
Update Lagom WHMCS Template to a version later than 2.3.7. This resolves the prototype pollution vulnerability in the Datatables component.
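The pollution mechanism described above and the input validation this mitigation section recommends, shown as an added example that is not code from the Lagom WHMCS Template or its Datatables component: a recursive options merge of the kind that lets a `__proto__` key reach a prototype, beside a hardened merge that rejects such keys and reports them for logging. The option names and the sample input are constructed for illustration.

```javascript
// Added example, not code from the Lagom WHMCS Template or its Datatables component:
// the recursive options merge that enables prototype pollution, beside a hardened one.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Failure mode: "__proto__" as an own key of `source` makes `target[key]`
// resolve to the target's prototype, and the merge writes into it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value === null || typeof value !== 'object' || Array.isArray(value)) { target[key] = value; continue; }
    if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
    unsafeMerge(target[key], value);
  }
}

// Hardened form: skip the dangerous keys, descend only into the target's own
// properties, and return the rejected keys so the caller can log them.
function safeMerge(target, source, rejected = []) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) { rejected.push(key); continue; }
    const value = source[key];
    if (value === null || typeof value !== 'object' || Array.isArray(value)) { target[key] = value; continue; }
    const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : null;
    if (own === null || typeof own !== 'object') target[key] = {};
    safeMerge(target[key], value, rejected);
  }
  return rejected;
}

// Constructed input: user-controlled table options after JSON.parse, where
// "__proto__" arrives as an ordinary own property rather than the accessor.
const CONSTRUCTED_OPTIONS = JSON.parse('{"pageLength":25,"__proto__":{"polluted":true}}');

// Both merges run against a private prototype so the demo never touches
// Object.prototype; Object.keys() lists enumerable keys that leaked onto it.
function demo() {
  const shared = {};
  unsafeMerge(Object.create(shared), CONSTRUCTED_OPTIONS);
  const table = Object.create({});
  const rejected = safeMerge(table, CONSTRUCTED_OPTIONS);
  return {
    unsafeLeaked: Object.keys(shared),                      // ['polluted']
    safeLeaked: Object.keys(Object.getPrototypeOf(table)),  // []
    rejected,                                               // ['__proto__']
    pageLength: table.pageLength,                           // 25
  };
}
```

A non-empty `rejected` list from `safeMerge` is the "unusual object property modification" signal worth writing to the application log.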
CVE-2026-4239 is a LOW severity vulnerability in Lagom WHMCS Template versions 2.3.0–2.3.7 that allows attackers to manipulate object prototype attributes via remote access.
You are affected if you are using Lagom WHMCS Template versions 2.3.0 through 2.3.7 and have not upgraded to a patched version. Check your installation version immediately.
Upgrade Lagom WHMCS Template to the latest available version. Consult the vendor's website or repository for the patched release.
A public proof-of-concept exists, indicating a potential for active exploitation. Prompt patching is recommended to reduce your risk.
Due to lack of vendor response, an official advisory may not be available. Monitor security news sources and community forums for updates.