The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
References
Configurations
History
21 Nov 2024, 01:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html - Broken Link | |
References | () http://forums.cubecart.com/?showtopic=47026 - Patch | |
References | () http://karmainsecurity.com/KIS-2013-02 - Exploit | |
References | () http://osvdb.org/89923 - Broken Link | |
References | () http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://secunia.com/advisories/52072 - Not Applicable | |
References | () http://www.exploit-db.com/exploits/24465 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/57770 - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 - Third Party Advisory, VDB Entry |
09 Jan 2024, 02:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/57770 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/52072 - Not Applicable | |
References | (OSVDB) http://osvdb.org/89923 - Broken Link | |
References | (EXPLOIT-DB) http://www.exploit-db.com/exploits/24465 - Exploit, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:cubecart:cubecart:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.1.4:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.1.1:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.1.3:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.1.0:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.1.5:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:cubecart:cubecart:5.0.9:*:*:*:*:*:*:* |
cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:* |
Information
Published : 2013-02-08 20:55
Updated : 2024-11-21 01:49
NVD link : CVE-2013-1465
Mitre link : CVE-2013-1465
CVE.ORG link : CVE-2013-1465
JSON object : View
Products Affected
cubecart
- cubecart
CWE
CWE-502
Deserialization of Untrusted Data