CVE-2013-1465
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.Enginsight
Vendor | Product | Version |
---|---|---|
cubecart | cubecart | 5.0.0 ≤ 𝑥 ≤ 5.2.0 |
Common Weakness Enumeration