Description
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
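The class of flaw described above, shown as an added example that is not CubeCart's code: request data passed to `unserialize()` lets the sender pick which classes are instantiated, and the hardened decoder refuses objects and accepts only a flat array of scalars. `DemoConfig`, `decodeShippingUnsafe` and `decodeShippingSafe` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added illustration; not CubeCart source. All names here are hypothetical.

// Stand-in for an application class that acts on its own state when destroyed.
class DemoConfig
{
    public $values = [];

    public function __destruct()
    {
        echo 'DemoConfig::__destruct ran with ' . json_encode($this->values) . "\n";
    }
}

// Unsafe pattern: the caller-supplied string decides which classes get built.
function decodeShippingUnsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened: no class instantiation, and only an array of scalars is accepted.
function decodeShippingSafe(string $raw): ?array
{
    // allowed_classes => false turns every serialized object into
    // __PHP_Incomplete_Class, so no constructor-free object of a real class
    // (and none of its magic methods) is ever created.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null; // malformed input, a scalar, or a top-level object
    }
    foreach ($data as $value) {
        if (!is_scalar($value)) {
            return null; // nested arrays or objects are not expected here
        }
    }
    return $data;
}

// Constructed sample inputs (written for this example, not captured traffic).
$legit  = serialize(['id' => 3, 'name' => 'Courier', 'value' => '4.99']);
$object = 'O:10:"DemoConfig":1:{s:6:"values";a:0:{}}';

var_dump(decodeShippingSafe($legit));
var_dump(decodeShippingSafe($object));
var_dump(decodeShippingUnsafe($object) instanceof DemoConfig);
```

Where the stored format can be changed, `json_encode()`/`json_decode()` removes the object-instantiation path entirely; the `allowed_classes` option requires PHP 7.0 or later.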
Remediation
References