CVE-2020-28339 — Deserialization of Untrusted Data in E-commerce

Severity
NVD: 8.8 HIGH
CNA: 7.5
EPSS
0.8% (top 25.11%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 7
Latest update: May 24

Description

The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: welcart/welcart_e-commerce < 1.9.36

Vulnerability Details (2)

GHSA
GHSA-vh49-3q2g-93gh: The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1 [2022-05-24]
CVEList
CVE-2020-28339: The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1 [2020-11-07]