CVE-2016-4825 — Improper Input Validation in E-commerce

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.6MEDIUMNVD

EPSS

9.5%

top 7.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Welcart E-commerce

Timeline

PublishedJun 25

Latest updateMay 13

Description

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages1 packages

▶NVDwelcart/welcart_e-commerce< 1.8.3

🔴Vulnerability Details

GHSA

GHSA-fx3h-5xv5-mvwq: The Collne Welcart e-Commerce plugin before 1↗2022-05-13

▶

CVEList

CVE-2016-4825: The Collne Welcart e-Commerce plugin before 1↗2016-06-25

▶