CVE-2024-7067

Exploit

EPSS 0.77%
Veröffentlicht 24.07.2024 14:15:06
Zuletzt bearbeitet 21.11.2024 09:50:49
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shuttur ≫ Ecommerce-laravel-bootstrap Version < 2024-07-03

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.77%	0.507

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1

Patch

https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18

Patch

Exploit

Issue Tracking

https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359

Patch

Exploit

Issue Tracking

https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135

Patch

Exploit

Issue Tracking

https://vuldb.com/?ctiid.272348

Permissions Required

https://vuldb.com/?id.272348

Permissions Required

https://vuldb.com/?submit.378780

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-7067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7067

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7067