Description
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ghost Arbitrary File Download (0.5.5)
WordPress Plugin Top 10-Popular posts for WordPress Multiple Vulnerabilities (3.2.4)
Lighttpd Use After Free Vulnerability (CVE-2013-4560)
MySQL CVE-2020-2763 Vulnerability (CVE-2020-2763)
WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)