CVE Catalog
CVE-2026-57621
Critical, CVSS 9.8
Summary
Versions 1.0.21 and earlier of the Booktics plugin contain an unauthenticated PHP Object Injection vulnerability. A remote attacker can inject a malicious PHP object without authenticating.
Risk Assessment
The risk includes remote code execution, which can lead to full server compromise, data theft, or further attack propagation within the organization's network.
Recommendation
Immediately update the Booktics plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.

