CVE-2022-24108

Опубликовано: 17 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

Ссылки

http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html
Exploit
Third Party Advisory
VDB Entry
https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133
Product
Third Party Advisory
https://seclists.org/fulldisclosure/2022/May/30
Exploit
Mailing List
Third Party Advisory
https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module
Product
Third Party Advisory
http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html
Exploit
Third Party Advisory
VDB Entry
https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133
Product
Third Party Advisory
https://seclists.org/fulldisclosure/2022/May/30
Exploit
Mailing List
Third Party Advisory
https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:skyoftech:so_listing_tabs:2.2.0:*:*:*:*:opencart:*:*

EPSS

Процентиль: 97%

0.40643

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-4mw3-j4r4-8fq9