CVE-2024-7067

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.
Configurations

Configuration 1

cpe:2.3:a:shuttur:ecommerce-laravel-bootstrap:*:*:*:*:*:*:*:*

History

26 Jul 2024, 13:14

Type | Values Removed | Values Added
References | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 - Patch
References | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 - Exploit, Issue Tracking, Patch
References | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 - Exploit, Issue Tracking, Patch
References | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 | https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 - Exploit, Issue Tracking, Patch
References | https://vuldb.com/?ctiid.272348 | https://vuldb.com/?ctiid.272348 - Permissions Required
References | https://vuldb.com/?id.272348 | https://vuldb.com/?id.272348 - Permissions Required
References | https://vuldb.com/?submit.378780 | https://vuldb.com/?submit.378780 - Third Party Advisory, VDB Entry
Summary | | (es) A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. The function getCartProductsIds of the file app/Cart.php is affected by this vulnerability. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no details are available for affected or updated versions. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.
First Time | | Shuttur; Shuttur ecommerce-laravel-bootstrap
CVSS | v2 : 6.5; v3 : 6.3 | v2 : 6.5; v3 : 8.8
CPE | | cpe:2.3:a:shuttur:ecommerce-laravel-bootstrap:*:*:*:*:*:*:*:*

24 Jul 2024, 14:15

Type | Values Removed | Values Added
New CVE

Information

Published : 2024-07-24 14:15

Updated : 2024-07-26 13:14


NVD link : CVE-2024-7067

Mitre link : CVE-2024-7067

CVE.ORG link : CVE-2024-7067



Products Affected

shuttur

  • ecommerce-laravel-bootstrap
CWE
CWE-502

Deserialization of Untrusted Data