Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CubeCart 'shipping' Parameter PHP Object Injection Vulnerability
Vulnerability Description
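Devellion CubeCart is a free and open-source e-commerce shopping cart software from Devellion, a UK company. The software supports selling products in an online store, adding/editing products or images, and more. A vulnerability exists in the Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0. Remote attackers can exploit this vulnerability to unserialize arbitrary PHP objects via a crafted shipping parameter, for example by using the Config object to modify the application configuration.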
CVSS Information
N/A
Vulnerability Type
N/A