Skip to content

Commit db0573c

Browse files
committed
1 parent 55fbdff commit db0573c

1 file changed

Lines changed: 6 additions & 36 deletions

File tree

advisories/github-reviewed/2024/05/GHSA-pgj4-g5j4-cmfx/GHSA-pgj4-g5j4-cmfx.json

Lines changed: 6 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -1,51 +1,29 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-pgj4-g5j4-cmfx",
4-
"modified": "2024-05-15T18:06:58Z",
4+
"modified": "2024-05-15T18:07:01Z",
55
"published": "2024-05-15T18:06:58Z",
66
"aliases": [],
77
"summary": "cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction",
8-
"details": "cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and app/code/community/Ophirah/Qquoteadv/Helper/Data.php files, poses a significant risk of Remote Code Execution, especially when custom file options are employed on a product. Attackers exploiting this vulnerability could execute arbitrary code remotely, leading to unauthorized access and potential compromise of sensitive data. ",
8+
"details": "-",
99
"severity": [
1010
{
1111
"type": "CVSS_V3",
12-
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
12+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
1313
}
1414
],
1515
"affected": [
1616
{
1717
"package": {
1818
"ecosystem": "Packagist",
19-
"name": "cart2quote/module-quotation-encoded"
19+
"name": ""
2020
},
2121
"ranges": [
2222
{
2323
"type": "ECOSYSTEM",
2424
"events": [
2525
{
26-
"introduced": "4.1.6"
27-
},
28-
{
29-
"last_affected": "4.4.5"
30-
}
31-
]
32-
}
33-
]
34-
},
35-
{
36-
"package": {
37-
"ecosystem": "Packagist",
38-
"name": "cart2quote/module-quotation-encoded"
39-
},
40-
"ranges": [
41-
{
42-
"type": "ECOSYSTEM",
43-
"events": [
44-
{
45-
"introduced": "5.0.0"
46-
},
47-
{
48-
"fixed": "5.4.4"
26+
"introduced": "0"
4927
}
5028
]
5129
}
@@ -56,21 +34,13 @@
5634
{
5735
"type": "PACKAGE",
5836
"url": "https://bitbucket.org/cart2quote2/cart2quote2-releases"
59-
},
60-
{
61-
"type": "WEB",
62-
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/cart2quote/module-quotation/2017-02-01.yaml"
63-
},
64-
{
65-
"type": "WEB",
66-
"url": "https://web.archive.org/web/20230131172111/https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction"
6737
}
6838
],
6939
"database_specific": {
7040
"cwe_ids": [
7141
"CWE-94"
7242
],
73-
"severity": "HIGH",
43+
"severity": "LOW",
7444
"github_reviewed": true,
7545
"github_reviewed_at": "2024-05-15T18:06:58Z",
7646
"nvd_published_at": null

0 commit comments

Comments
 (0)