Vulnerabilities > CVE-2023-5952 - Unspecified vulnerability in Collne Welcart

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

collne

critical

NVD

Published: 2023-12-04

Updated: 2023-12-08

Summary

The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog

Vulnerable Configurations

Part	Description	Count
Application	Collne Collne Welcart 1.4.0 Collne Welcart 1.4.1 Collne Welcart 1.4.2 Collne Welcart 1.4.3 Collne Welcart 1.4.4 Collne Welcart 1.4.5 Collne Welcart 1.4.6 Collne Welcart 1.4.7 Collne Welcart 1.4.8 Collne Welcart 1.4.9 Collne Welcart 1.4.10 Collne Welcart 1.4.11 Collne Welcart 1.4.12 Collne Welcart 1.4.13 Collne Welcart 1.4.14 Collne Welcart 1.4.15 Collne Welcart 1.4.16 Collne Welcart 1.4.17 Collne Welcart 1.4.18 Collne Welcart 1.4.19 Collne Welcart 1.4.20 Collne Welcart 1.5.2	22

References

https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7