3 matches found
EUVD-2026-43042
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce Basket allows Object Injection. This issue affects Drupal AlternativeCommerce Basket versions: from 0.0.0 to 2.1.17...
CVE-2026-9726
The vulnerability CVE-2026-9726 affects Drupal’s Basket (AlternativeCommerce) module, with versions 0.0.0 through 2.1.17. The root cause is improper sanitization of user-supplied data before PHP unserialize(), enabling PHP Object Injection if a viable gadget chain exists in site code or dependenc...
Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038
The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...