Submission #485445: Aridius OpenCart modules ? Deserialization

Title: Aridius OpenCart modules ? Deserialization
Description: Multiple OpenCart modules named `aridius_XYZ` have a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data. It is unclear which versions of Aridius extensions - if any - include the vulnerable code as the source code for the "official" versions is not open. It appears to be common for "unofficial" versions of the extensions to be used. The vulnerability is exploitable remotely without authentication. (POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution. Such an attack could result in the compromise of a site.
Source: ⚠️ https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb
User: mcdruid (UID 79710)
Submission: 19/01/2025 06:01 PM (1 year ago)
Moderation: 29/01/2025 04:29 PM (10 days later)
Status: Accepted
VulDB entry: 293998 [Aridius XYZ up to 20240927 on OpenCart News loadMore privilege escalation]
Points: 20
