Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenCart 安全漏洞
Vulnerability Description
OpenCart是中国OpenCart公司的一套开源的电子商务系统。该系统提供产品评论、产品评分、产品添加等模块。 OpenCart 1.5.6.4及之前的版本中的system/library/cart.php文件的Cart::getProducts方法存在安全漏洞。远程攻击者可借助特制的序列化PHP对象利用该漏洞实施服务器端跨站请求伪造攻击或可能实施XML外部实体攻击并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A