Vulnerabilities > CVE-2022-24108 - Deserialization of Untrusted Data vulnerability in Skyoftech SO Listing Tabs 2.2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

skyoftech

CWE-502

NVD

Published: 2022-05-17

Updated: 2022-05-26

Summary

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

Vulnerable Configurations

Part	Description	Count
Application	Skyoftech Skyoftech SO Listing Tabs 2.2.0	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module
https://seclists.org/fulldisclosure/2022/May/30
https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133
http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html