The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html | Exploit, Third Party Advisory, VDB Entry |
| https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133 | Product, Third Party Advisory |
| https://seclists.org/fulldisclosure/2022/May/30 | Exploit, Mailing List, Third Party Advisory |
| https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module | Product, Third Party Advisory |
History
No history.
Information
Published : 2022-05-17 16:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-24108
Mitre link : CVE-2022-24108
CVE.ORG link : CVE-2022-24108
Products Affected
skyoftech
- so_listing_tabs
CWE
CWE-502
Deserialization of Untrusted Data