
CVE-2024-7067 – kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization
https://notcve.org/view.php?id=CVE-2024-7067
24 Jul 2024 — A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. • https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/commit/a02111a674ab49f65018b31da3011b1e396f59b1 • CWE-502: Deserialization of Untrusted Data

CVE-2024-31823
https://notcve.org/view.php?id=CVE-2024-31823
29 Apr 2024 — An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. • https://gist.github.com/LioTree/4989e0f20b6a885604dd3178fa4b66b5 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-31821
https://notcve.org/view.php?id=CVE-2024-31821
29 Apr 2024 — SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. • https://gist.github.com/LioTree/5c963a37e2c335c22e74ca3d9aea32bb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')