Deserialization Vulnerability in Kirilkirkov Ecommerce-Laravel-Bootstrap
CVE-2024-7067
Key Information:
- Vendor: Kirilkirkov
- CVE Published: 24 July 2024
What is CVE-2024-7067?
A significant vulnerability has been identified in Kirilkirkov's Ecommerce-Laravel-Bootstrap, specifically in the getCartProductsIds function of app/Cart.php. The function handles the laraCart argument unsafely, which opens the door to deserialization attacks. The vulnerability can be triggered remotely and is rated as a critical risk to users. Because the project follows a rolling release model, there are no version numbers for fixed releases; administrators should instead apply the patch identified by commit a02111a674ab49f65018b31da3011b1e396f59b1. Apply this fix promptly to reduce the risk of exploitation.
Affected Version(s)
Ecommerce-Laravel-Bootstrap 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
