CVE-2024-7067 | kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87 app/Cart.php getCartProductsIds laraCart deserialization

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization.

This vulnerability is handled as CVE-2024-7067. The attack may be launched remotely. Furthermore, there is an exploit available.

This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. It is recommended to apply a patch to fix this issue.

CVE-2024-7067 | kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87 app/Cart.php getCartProductsIds laraCart deserialization

Post correlati

CVE-2023-47620 | koush scrypted up to 0.55.0 plugin-http.ts owner/pkg cross site scripting (GHSL-2023-218)

CVE-2024-34799 | Repute Infosystems BookingPress Plugin up to 1.0.82 on WordPress authorization

CVE-2024-29004 | SolarWinds Platform up to 2024.1.1 Web Console cross site scripting

CVE-2024-37544 | Tobias Conrad Get Better Reviews for WooCommerce Plugin up to 4.0.6 on WordPress authorization