Lucene search

K
osvGoogleOSV:GHSA-PGJ4-G5J4-CMFX
HistoryMay 15, 2024 - 6:06 p.m.

cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction

2024-05-1518:06:58
Google
osv.dev
3
remote code execution
cart2quote
module-quotation-encoded
vulnerability
unserialize function
data processing
get request
downloadcontroller.php
helper data.php
custom file options
unauthorized access
sensitive data
software

8.3 High

AI Score

Confidence

Low

cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and app/code/community/Ophirah/Qquoteadv/Helper/Data.php files, poses a significant risk of Remote Code Execution, especially when custom file options are employed on a product. Attackers exploiting this vulnerability could execute arbitrary code remotely, leading to unauthorized access and potential compromise of sensitive data.

8.3 High

AI Score

Confidence

Low