CVE-2013-1465
CVE-2013-1465
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.htmlunverifiedcve_referencewww.exploit-db.com/exploits/24465unverifiedexploitdbwww.exploit-db.com/exploits/24465unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.htmlhttp://forums.cubecart.com/?showtopic=47026http://karmainsecurity.com/KIS-2013-02http://osvdb.org/89923http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.htmlhttp://secunia.com/advisories/52072https://exchange.xforce.ibmcloud.com/vulnerabilities/81920http://www.exploit-db.com/exploits/24465http://www.securityfocus.com/bid/57770