Published: 08/02/2013 Updated: 09/01/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 up to and including 5.2.0 allows remote malicious users to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cubecart cubecart

------------------------------------------------------------------------- CubeCart <= 520 (cubecartclassphp) PHP Object Injection Vulnerability ------------------------------------------------------------------------- [-] Software Link: wwwcubecartcom/ [-] Affected Versions: All versions from 500 to 520 [-] Vulnerability ...

CubeCart versions 500 through 520 suffer from a PHP object injection vulnerability in cubecartclassphp ...

CWE-502 http://forums.cubecart.com/?showtopic=47026 http://www.exploit-db.com/exploits/24465 http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html http://www.securityfocus.com/bid/57770 http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html http://osvdb.org/89923 http://karmainsecurity.com/KIS-2013-02 http://secunia.com/advisories/52072 https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 https://nvd.nist.gov https://www.exploit-db.com/exploits/24465/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1465

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect