| Title | Aridius OpenCart modules - Deserialization |
|---|---|
| Description | Multiple OpenCart modules named `aridius_XYZ` have a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data. It is unclear which versions of Aridius extensions - if any - include the vulnerable code as the source code for the "official" versions is not open. It appears to be common for "unofficial" versions of the extensions to be used. The vulnerability is exploitable remotely without authentication. (POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution. Such an attack could result in the compromise of a site. |
| Source | https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb |
| User | mcdruid (UID 79710) |
| Submission | 2025-01-19 06:01 PM (1 year ago) |
| Moderation | 2025-01-29 04:29 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 293998 [Aridius XYZ up to 20240927 on OpenCart News loadMore privilege escalation] |
| Points | 20 |