Submeter #485445: Aridius OpenCart modules ? Deserializationinformação

TítuloAridius OpenCart modules ? Deserialization
DescriçãoMultiple OpenCart modules named `aridius_XYZ` have a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data. It is unclear which versions of Aridius extensions - if any - include the vulnerable code as the source code for the "official" versions is not open. It appears to be common for "unofficial" versions of the extensions to be used. The vulnerability is exploitable remotely without authentication. (POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution. Such an attack could result in the compromise of a site.
Fonte⚠️ https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb
Utilizador
 mcdruid (UID 79710)
Submissão19/01/2025 18h01 (há 1 Ano)
Moderação29/01/2025 16h29 (10 days later)
EstadoAceite
Entrada VulDB293998 [Aridius XYZ até 20240927 em OpenCart News loadMore Elevação de Privilégios]
Pontos20

Interested in the pricing of exploits?

See the underground prices here!