CVE-2025-27130Deserialization of Untrusted Data in E-commerce

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 23.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Welcart E-commerceWelcart INC Welcart E-commerce
Timeline
PublishedApr 1

Description

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5welcart_inc/welcart_e-commerce2.11.6 and earlier versions

🔴Vulnerability Details

2
GHSA
GHSA-9jfw-fmcq-hgjp: Welcart e-Commerce 22025-04-01
CVEList
CVE-2025-27130: Welcart e-Commerce 22025-04-01
CVE-2025-27130 — Deserialization of Untrusted Data | cvebase