VDB
CVE-2022-24108
CVE-2022-24108
PUBLISHED
CVSS 7.5 HIGH
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.
EPSS 37.76% · 97.3th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
37.76%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| skyoftech | so_listing_tabs | 2.2.0 |
Timeline
- May 17, 2022 PoC Published
- May 17, 2022 CVE Published
- May 18, 2022 EPSS Score
- Jul 6, 2022 EPSS Score
- Aug 25, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Aug 3, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
- Jan 6, 2024 EPSS Score
References
- https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module url
- https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133 url
- https://seclists.org/fulldisclosure/2022/May/30 url
- http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html url
- https://nvd.nist.gov/vuln/detail/CVE-2022-24108 advisory