CVE-2024-0739

🗓️ 19 Jan 2024 22:00:04Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Critical deserialization vulnerability in Hecheng Leadshop up to 1.4.2

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-0739	19 Jan 202423:21	–	circl
CNNVD	Leadshop Code Issues Vulnerabilities	19 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-0739 Hecheng Leadshop leadshop.php deserialization	19 Jan 202422:00	–	cvelist
EUVD	EUVD-2024-16528	3 Oct 202520:07	–	euvd
NVD	CVE-2024-0739	19 Jan 202422:15	–	nvd
Prion	Deserialization of untrusted data	19 Jan 202422:15	–	prion
Positive Technologies	PT-2024-15796 · Unknown · Hecheng Leadshop	19 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0739	4 Feb 202523:12	–	redhatcve
Vulnrichment	CVE-2024-0739 Hecheng Leadshop leadshop.php deserialization	19 Jan 202422:00	–	vulnrichment

NVD

Vulners

Node

leadshop leadshopRange1.4.0–1.4.20

[
  {
    "vendor": "Hecheng",
    "product": "Leadshop",
    "versions": [
      {
        "version": "1.4.0",
        "status": "affected"
      },
      {
        "version": "1.4.1",
        "status": "affected"
      },
      {
        "version": "1.4.2",
        "status": "affected"
      },
      {
        "version": "1.4.3",
        "status": "affected"
      },
      {
        "version": "1.4.4",
        "status": "affected"
      },
      {
        "version": "1.4.5",
        "status": "affected"
      },
      {
        "version": "1.4.6",
        "status": "affected"
      },
      {
        "version": "1.4.7",
        "status": "affected"
      },
      {
        "version": "1.4.8",
        "status": "affected"
      },
      {
        "version": "1.4.9",
        "status": "affected"
      },
      {
        "version": "1.4.10",
        "status": "affected"
      },
      {
        "version": "1.4.11",
        "status": "affected"
      },
      {
        "version": "1.4.12",
        "status": "affected"
      },
      {
        "version": "1.4.13",
        "status": "affected"
      },
      {
        "version": "1.4.14",
        "status": "affected"
      },
      {
        "version": "1.4.15",
        "status": "affected"
      },
      {
        "version": "1.4.16",
        "status": "affected"
      },
      {
        "version": "1.4.17",
        "status": "affected"
      },
      {
        "version": "1.4.18",
        "status": "affected"
      },
      {
        "version": "1.4.19",
        "status": "affected"
      },
      {
        "version": "1.4.20",
        "status": "affected"
      }
    ]
  }
]

Source	Link
note	www.note.zhaoj.in/share/vLswXhWxUrs8
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
install	query param	web/leadshop.php	Deserialization vulnerability via install parameter in leadshop.php enabling remote code execution	CWE-502

21 Nov 2024 08:47Current

9.5High risk

Vulners AI Score9.5

CVSS 3.17.3 - 9.8

CVSS 27.5

CVSS 37.3

EPSS0.00189

SSVC

CWE-502