Vulnerabilities > CVE-2022-24108 - Deserialization of Untrusted Data vulnerability in Skyoftech SO Listing Tabs 2.2.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

skyoftech

CWE-502

critical

NVD

Published: 2022-05-17

Updated: 2022-05-26

Summary

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

Vulnerable Configurations

Part	Description	Count
Application	Skyoftech Skyoftech SO Listing Tabs 2.2.0	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module
https://seclists.org/fulldisclosure/2022/May/30
https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133
http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html