Vulnerability Description
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skyoftech | So Listing Tabs | 2.2.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsaf (Exploit, Third Party Advisory, VDB Entry)
- https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133 (Product, Third Party Advisory)
- https://seclists.org/fulldisclosure/2022/May/30 (Exploit, Mailing List, Third Party Advisory)
- https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-openc (Product, Third Party Advisory)
FAQ
What is CVE-2022-24108?
CVE-2022-24108 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on ...
How severe is CVE-2022-24108?
CVE-2022-24108 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-24108?
Check the references section above for vendor advisories and patch information. Affected products include: Skyoftech So Listing Tabs.