CVE-2024-7067

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1	Patch
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18	Exploit Issue Tracking Patch
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359	Exploit Issue Tracking Patch
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135	Exploit Issue Tracking Patch
https://vuldb.com/?ctiid.272348	Permissions Required
https://vuldb.com/?id.272348	Permissions Required
https://vuldb.com/?submit.378780	Third Party Advisory VDB Entry
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1	Patch
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18	Exploit Issue Tracking Patch
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359	Exploit Issue Tracking Patch
https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135	Exploit Issue Tracking Patch
https://vuldb.com/?ctiid.272348	Permissions Required
https://vuldb.com/?id.272348	Permissions Required
https://vuldb.com/?submit.378780	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:shuttur:ecommerce-laravel-bootstrap:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:50

Type	Values Removed	Values Added
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 - Patch~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 - Patch
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 - Exploit, Issue Tracking, Patch~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 - Exploit, Issue Tracking, Patch~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 - Exploit, Issue Tracking, Patch~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 - Exploit, Issue Tracking, Patch
References	~~() https://vuldb.com/?ctiid.272348 - Permissions Required~~	() https://vuldb.com/?ctiid.272348 - Permissions Required
References	~~() https://vuldb.com/?id.272348 - Permissions Required~~	() https://vuldb.com/?id.272348 - Permissions Required
References	~~() https://vuldb.com/?submit.378780 - Third Party Advisory, VDB Entry~~	() https://vuldb.com/?submit.378780 - Third Party Advisory, VDB Entry
CVSS	v2 : ~~6.5~~ v3 : ~~8.8~~	v2 : 6.5 v3 : 6.3

26 Jul 2024, 13:14

Type	Values Removed	Values Added
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 -~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 - Patch
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 -~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 -~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 -~~	() https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 - Exploit, Issue Tracking, Patch
References	~~() https://vuldb.com/?ctiid.272348 -~~	() https://vuldb.com/?ctiid.272348 - Permissions Required
References	~~() https://vuldb.com/?id.272348 -~~	() https://vuldb.com/?id.272348 - Permissions Required
References	~~() https://vuldb.com/?submit.378780 -~~	() https://vuldb.com/?submit.378780 - Third Party Advisory, VDB Entry
Summary		(es) Se encontró una vulnerabilidad en kirilkirkov Ecommerce-Laravel-Bootstrap hasta 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. Ha sido calificada como crítica. La función getCartProductsIds del archivo app/Cart.php es afectada por esta vulnerabilidad. La manipulación del argumento laraCart conduce a la deserialización. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. Este producto utiliza un lanzamiento continuo para proporcionar una entrega continua. Por lo tanto, no hay detalles disponibles para las versiones afectadas ni actualizadas. El nombre del parche es a02111a674ab49f65018b31da3011b1e396f59b1. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-272348.
First Time		Shuttur Shuttur ecommerce-laravel-bootstrap
CPE		cpe:2.3:a:shuttur:ecommerce-laravel-bootstrap::::::::
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : 6.5 v3 : 8.8

24 Jul 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-24 14:15

Updated : 2024-11-21 09:50

NVD link : CVE-2024-7067

Mitre link : CVE-2024-7067

CVE.ORG link : CVE-2024-7067

JSON object : View

Products Affected

shuttur

ecommerce-laravel-bootstrap

CWE

CWE-502

Deserialization of Untrusted Data

6.3 /10