CVE-2013-1465
Published 2013-02-08
Priority P262, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.09% (93.4th percentile)
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cubecart | cubecart | 5.0.0 – 5.2.0 | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests containing a 'shipping' parameter with base64url-encoded, serialized PHP object payloads targeting CubeCart's cubecart.class.php.
- Detect PHP object injection attempts via the 'shipping' POST parameter, particularly serialized 'Config' class objects, which can abuse the __destruct() method to write arbitrary values to the database.
- Flag HTTP POST requests to CubeCart where the 'shipping' parameter value is base64url-encoded and decodes to a PHP serialized object string (beginning with 'O:' or 'a:' patterns).
- The vulnerability exists in CubeCart versions 5.0.0 through 5.2.0 only; version 5.2.1 and higher are patched. Detections should be scoped to these affected versions.
- The attack vector is specifically the 'shipping' POST parameter processed in the _basket method of classes/cubecart.class.php at line 521; detection rules should target this specific file and parameter.
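One way to implement the 'shipping' parameter check from the list above, as an added example (not code from the advisory or from CubeCart). It assumes the detector sees the raw form-encoded POST body; the function names and the sample bodies are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# PHP serialize() headers: O:<len>:"<Class>":<n>:{ (object), C:... (Serializable), a:<n>:{ (array)
PHP_OBJECT = re.compile(rb'[OC]:\d+:"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{')
PHP_ARRAY = re.compile(rb'^a:\d+:\{')


def b64url_decode(value):
    """Decode base64url text (padding optional); return None when it is not valid."""
    text = value.strip().replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def inspect_shipping(post_body):
    """Classify the 'shipping' field of a form-encoded POST body."""
    for raw in parse_qs(post_body, keep_blank_values=True).get("shipping", []):
        decoded = b64url_decode(raw)
        if decoded is None:
            continue
        # search(), not match(): an object nested inside an array still counts
        obj = PHP_OBJECT.search(decoded)
        if obj:
            return {"kind": "object", "class": obj.group(1).decode()}
        if PHP_ARRAY.match(decoded):
            return {"kind": "array", "class": None}
    return None


def _body(serialized):
    """Build a constructed sample POST body around a serialized string."""
    enc = base64.urlsafe_b64encode(serialized).rstrip(b"=").decode()
    return "foo=bar&shipping=" + enc


# Constructed, inert samples (empty objects, no properties)
SAMPLES = {
    "object": _body(b'O:6:"Config":0:{}'),
    "nested": _body(b'a:1:{i:0;O:6:"Config":0:{}}'),
    "array": _body(b'a:1:{s:2:"id";i:3;}'),
    "plain": "foo=bar&shipping=12",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_shipping(body))
```

A result of kind "object" is the high-signal case; the class name it reports can be matched against 'Config' as the list above suggests.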
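CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |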
CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability. This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Application Data. An attacker could modify sensitive d
CWE-502: Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Background: Serialization and deserialization refer to the process of taking program-internal object-related data, packaging it in a way that allows the data to be externally stored or transferred ("serialization"), then extracting the serialized data to reconstruct the original object ("deserialization").
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Application Data, Unexpected State. Attackers can modify unexpected objects or data that was as
References
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html
- http://forums.cubecart.com/?showtopic=47026
- http://karmainsecurity.com/KIS-2013-02
- http://osvdb.org/89923
- http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html
- http://secunia.com/advisories/52072
- http://www.exploit-db.com/exploits/24465
- http://www.securityfocus.com/bid/57770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81920