The vulnerability CVE-2024-49699 affects ARPrice versions up to 4.1.3 and is caused by unsafe deserialization of untrusted data, enabling object injection attacks. This can allow an attacker with low privileges to execute arbitrary code or manipulate application behavior, impacting confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (high), reflecting network attack vector, low attack complexity, no user interaction, and significant impact on system security. No patch or official vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability can lead to full compromise of the affected ARPrice application, including unauthorized code execution and data manipulation. The impact covers confidentiality, integrity, and availability, making it a critical risk to systems running vulnerable versions. Since the attack requires only low privileges and no user interaction, it is relatively easy to exploit if an attacker gains limited access.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, it is recommended to restrict access to the ARPrice application to trusted users only and monitor for suspicious activity related to deserialization processes. Avoid processing untrusted input where possible. Follow up with reputeinfosystems for updates on patches or official mitigations.