Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by Lagom

    CVE-2026-6601 (GCVE-0-2026-6601)

    Vulnerability from nvd – Published: 2026-04-20 03:30 – Updated: 2026-04-20 16:09
    VLAI
    Title
    Lagom WHMCS Template Datatables resource consumption
    Summary
    A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lagom WHMCS Template Affected: 2.4.0
    Affected: 2.4.1
    Affected: 2.4.2
    Create a notification for this product.
    Credits
    s4nnty (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6601",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T16:09:11.141034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T16:09:24.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Datatables"
              ],
              "product": "WHMCS Template",
              "vendor": "Lagom",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.4.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "s4nnty (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T03:30:14.978Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-358236 | Lagom WHMCS Template Datatables resource consumption",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/358236"
            },
            {
              "name": "VDB-358236 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/358236/cti"
            },
            {
              "name": "Submit #791943 | Lagom WHMCS Template \u2264 2.4.2 Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/791943"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/devsamuelsantiago/lagom-whmcs-dos-poc"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-19T16:02:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Lagom WHMCS Template Datatables resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-6601",
        "datePublished": "2026-04-20T03:30:14.978Z",
        "dateReserved": "2026-04-19T13:56:59.565Z",
        "dateUpdated": "2026-04-20T16:09:24.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4239 (GCVE-0-2026-4239)

    Vulnerability from nvd – Published: 2026-03-16 13:02 – Updated: 2026-03-16 14:42
    VLAI
    Title
    Lagom WHMCS Template Datatables prototype pollution
    Summary
    A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes
    • CWE-94 - Code Injection
    Assigner
    Impacted products
    Vendor Product Version
    Lagom WHMCS Template Affected: 2.3.0
    Affected: 2.3.1
    Affected: 2.3.2
    Affected: 2.3.3
    Affected: 2.3.4
    Affected: 2.3.5
    Affected: 2.3.6
    Affected: 2.3.7
    Create a notification for this product.
    Credits
    s4nnty (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4239",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:42:17.217378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:42:22.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Datatables"
              ],
              "product": "WHMCS Template",
              "vendor": "Lagom",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.2"
                },
                {
                  "status": "affected",
                  "version": "2.3.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.4"
                },
                {
                  "status": "affected",
                  "version": "2.3.5"
                },
                {
                  "status": "affected",
                  "version": "2.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "s4nnty (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "Improperly Controlled Modification of Object Prototype Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T13:02:08.856Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-351181 | Lagom WHMCS Template Datatables prototype pollution",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.351181"
            },
            {
              "name": "VDB-351181 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.351181"
            },
            {
              "name": "Submit #771350 | Lagom Lagom WHMCS Template * Prototype Pollution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.771350"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/devsamuelsantiago/lagom-prototype-pollution-poc/"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/devsamuelsantiago/lagom-prototype-pollution-poc/blob/main/lagom-prototype-pollution-poc.js"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-15T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-15T21:43:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Lagom WHMCS Template Datatables prototype pollution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-4239",
        "datePublished": "2026-03-16T13:02:08.856Z",
        "dateReserved": "2026-03-15T20:37:03.899Z",
        "dateUpdated": "2026-03-16T14:42:22.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6601 (GCVE-0-2026-6601)

    Vulnerability from cvelistv5 – Published: 2026-04-20 03:30 – Updated: 2026-04-20 16:09
    VLAI
    Title
    Lagom WHMCS Template Datatables resource consumption
    Summary
    A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lagom WHMCS Template Affected: 2.4.0
    Affected: 2.4.1
    Affected: 2.4.2
    Create a notification for this product.
    Credits
    s4nnty (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6601",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T16:09:11.141034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T16:09:24.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Datatables"
              ],
              "product": "WHMCS Template",
              "vendor": "Lagom",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.4.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "s4nnty (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T03:30:14.978Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-358236 | Lagom WHMCS Template Datatables resource consumption",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/358236"
            },
            {
              "name": "VDB-358236 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/358236/cti"
            },
            {
              "name": "Submit #791943 | Lagom WHMCS Template \u2264 2.4.2 Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/791943"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/devsamuelsantiago/lagom-whmcs-dos-poc"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-19T16:02:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Lagom WHMCS Template Datatables resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-6601",
        "datePublished": "2026-04-20T03:30:14.978Z",
        "dateReserved": "2026-04-19T13:56:59.565Z",
        "dateUpdated": "2026-04-20T16:09:24.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4239 (GCVE-0-2026-4239)

    Vulnerability from cvelistv5 – Published: 2026-03-16 13:02 – Updated: 2026-03-16 14:42
    VLAI
    Title
    Lagom WHMCS Template Datatables prototype pollution
    Summary
    A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes
    • CWE-94 - Code Injection
    Assigner
    Impacted products
    Vendor Product Version
    Lagom WHMCS Template Affected: 2.3.0
    Affected: 2.3.1
    Affected: 2.3.2
    Affected: 2.3.3
    Affected: 2.3.4
    Affected: 2.3.5
    Affected: 2.3.6
    Affected: 2.3.7
    Create a notification for this product.
    Credits
    s4nnty (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4239",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:42:17.217378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:42:22.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Datatables"
              ],
              "product": "WHMCS Template",
              "vendor": "Lagom",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.2"
                },
                {
                  "status": "affected",
                  "version": "2.3.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.4"
                },
                {
                  "status": "affected",
                  "version": "2.3.5"
                },
                {
                  "status": "affected",
                  "version": "2.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "s4nnty (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "Improperly Controlled Modification of Object Prototype Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T13:02:08.856Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-351181 | Lagom WHMCS Template Datatables prototype pollution",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.351181"
            },
            {
              "name": "VDB-351181 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.351181"
            },
            {
              "name": "Submit #771350 | Lagom Lagom WHMCS Template * Prototype Pollution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.771350"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/devsamuelsantiago/lagom-prototype-pollution-poc/"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/devsamuelsantiago/lagom-prototype-pollution-poc/blob/main/lagom-prototype-pollution-poc.js"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-15T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-15T21:43:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Lagom WHMCS Template Datatables prototype pollution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-4239",
        "datePublished": "2026-03-16T13:02:08.856Z",
        "dateReserved": "2026-03-15T20:37:03.899Z",
        "dateUpdated": "2026-03-16T14:42:22.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }