Submission #485445: Aridius OpenCart modules ? Deserialization

Info

Title: Aridius OpenCart modules ? Deserialization
Description: Multiple OpenCart modules named `aridius_XYZ` have a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data. It is unclear which versions of Aridius extensions - if any - include the vulnerable code as the source code for the "official" versions is not open. It appears to be common for "unofficial" versions of the extensions to be used. The vulnerability is exploitable remotely without authentication. (POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution. Such an attack could result in the compromise of a site.
Source: https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb
User: mcdruid (UID 79710)
Submission: 2025. 01. 19. PM 06:01 (1 year ago)
Moderation: 2025. 01. 29. PM 04:29 (10 days later)
Status: Accepted
VulDB Entry: 293998 [Aridius XYZ up to 20240927 on OpenCart News loadMore privilege escalation]
Points: 20
