漏洞标题
kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds 反序列化
漏洞描述信息
在kirilkirkov Ecommerce-Laravel-Bootstrap版本至1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87中发现了一个漏洞,被评为高度严重。此问题影响文件app/Cart.php中的函数getCartProductsIds。通过操纵参数laraCart,可以进行反序列化操作。这一攻击可通过远程方式发动。该漏洞已被公开披露,可以被利用。此产品使用滚动发布方式提供持续交付,因此,无法获取受影响或更新版本的具体版本号。该补丁的名称为a02111a674ab49f65018b31da3011b1e396f59b1,建议应用补丁以修复此问题。此漏洞的标识为VDB-272348。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
可信数据的反序列化
漏洞标题
kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization
漏洞描述信息
A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
可信数据的反序列化
漏洞标题
kirilkirkov Ecommerce-Laravel-Bootstrap 代码问题漏洞
漏洞描述信息
kirilkirkov Ecommerce-Laravel-Bootstrap是一个响应式、多供应商、多语言在线商店平台(购物车解决方案) kirilkirkov Ecommerce-Laravel-Bootstrap存在代码问题漏洞,该漏洞源于对参数laraCart的操纵会导致反序列化,从而导致远程发起攻击。
CVSS信息
N/A
漏洞类别
代码问题