Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2014-3990

Published: 20/03/2018 Updated: 25/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Opencart

Vulnerability Summary

The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and previous versions allows remote malicious users to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.

Vulnerable Product Search on Vulmon Subscribe to Product

opencart opencart

Exploits

Exploit DB: OpenCart 1.5.6.4 PHP Object Injection
OpenCart versions 1564 and below suffer from a PHP objection injection vulnerability ...

References

CWE-611CWE-918https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076fhttp://www.securityfocus.com/bid/68529http://seclists.org/fulldisclosure/2014/Jul/67http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.htmlhttp://karmainsecurity.com/KIS-2014-08http://www.securityfocus.com/archive/1/532763/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook