| عنوان | devs.mx OpenCart Lightning 4.43 Deserialization of Untrusted Data |
|---|
| الوصف | The OpenCart Lightning module has a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data.
(POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution.
Such an attack could result in the compromise of a site. |
|---|
| المصدر | ⚠️ https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e |
|---|
| المستخدم | mcdruid (UID 79710) |
|---|
| ارسال | 26/01/2025 02:54 PM (1 سنة منذ) |
|---|
| الاعتدال | 02/02/2025 10:04 AM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 294365 [MaxD Lightning Module 4.43/4.44 على OpenCart li_op/md تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|