Back

CVE-2024-7067

July 24, 2024, 5:12 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Ecommerce-Laravel-Bootstrap

Source

cna@vuldb.com

Tags

CWE-502
cna@vuldb.com
2024-07-24
CVE-2024-7067

CVE-2024-7067 details

Published : July 24, 2024, 2:15 p.m.
Last Modified : July 24, 2024, 5:12 p.m.

Description

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.

CVSS Score

1 2 3 4 5 6.3 7 8 9 10

Weakness

Weakness Name Description
CWE-502 Deserialization of Untrusted Data The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.3

Exploitability Score

2.8

Impact Score

3.4

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 cna@vuldb.com
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 cna@vuldb.com
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 cna@vuldb.com
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 cna@vuldb.com
https://vuldb.com/?ctiid.272348 cna@vuldb.com
https://vuldb.com/?id.272348 cna@vuldb.com
https://vuldb.com/?submit.378780 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.