Submission #485445: Aridius OpenCart modules ? Deserialization (Info)

Title: Aridius OpenCart modules ? Deserialization
Description: Multiple OpenCart modules named `aridius_XYZ` have a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data. It is unclear which versions of Aridius extensions - if any - include the vulnerable code as the source code for the "official" versions is not open. It appears to be common for "unofficial" versions of the extensions to be used. The vulnerability is exploitable remotely without authentication. (POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution. Such an attack could result in the compromise of a site.
Source: https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb
User: mcdruid (UID 79710)
Submitted: 2025-01-19 18:01 (1 year ago)
Moderation: 2025-01-29 16:29 (10 days later)
Status: Accepted
VulDB entry: 293998 [Aridius XYZ up to 20240927 on OpenCart News loadMore privilege escalation]
Points: 20
