CVE-2013-1465

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:49

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html - Broken Link
References () http://forums.cubecart.com/?showtopic=47026 - Patch () http://forums.cubecart.com/?showtopic=47026 - Patch
References () http://karmainsecurity.com/KIS-2013-02 - Exploit () http://karmainsecurity.com/KIS-2013-02 - Exploit
References () http://osvdb.org/89923 - Broken Link () http://osvdb.org/89923 - Broken Link
References () http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () http://secunia.com/advisories/52072 - Not Applicable () http://secunia.com/advisories/52072 - Not Applicable
References () http://www.exploit-db.com/exploits/24465 - Exploit, Third Party Advisory, VDB Entry () http://www.exploit-db.com/exploits/24465 - Exploit, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/57770 - Broken Link () http://www.securityfocus.com/bid/57770 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 - Third Party Advisory, VDB Entry

09 Jan 2024, 02:21

Type Values Removed Values Added
CWE CWE-20 CWE-502
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 9.8
References (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html - (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 - Third Party Advisory, VDB Entry
References (MISC) http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html - Exploit (MISC) http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html - Exploit, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/57770 - (BID) http://www.securityfocus.com/bid/57770 - Broken Link
References (SECUNIA) http://secunia.com/advisories/52072 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/52072 - Not Applicable
References (OSVDB) http://osvdb.org/89923 - (OSVDB) http://osvdb.org/89923 - Broken Link
References (EXPLOIT-DB) http://www.exploit-db.com/exploits/24465 - Exploit (EXPLOIT-DB) http://www.exploit-db.com/exploits/24465 - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:cubecart:cubecart:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*

Information

Published : 2013-02-08 20:55

Updated : 2024-11-21 01:49


NVD link : CVE-2013-1465

Mitre link : CVE-2013-1465

CVE.ORG link : CVE-2013-1465


JSON object : View

Products Affected

cubecart

  • cubecart
CWE
CWE-502

Deserialization of Untrusted Data