CVE-2013-1465 in Cubecart
Sumário
de MITRE
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.