CVE-2024-7067

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 24, 2024
Updated: Jul 26, 2024
CWE ID 502

Summary

CVE-2024-7067 is a critical vulnerability affecting kirilkirkov Ecommerce-Laravel-Bootstrap up to version 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. The flaw is in the getCartProductsIds function of app/Cart.php: manipulating the laraCart argument leads to deserialization of untrusted data (CWE-502). The attack can be launched remotely, and the exploit has been made public. The product uses a rolling release model, and specific version details for affected or updated releases have not been provided. To mitigate the issue, apply the patch identified as a02121a674ab49f65018b31da3011b1e396f59b1.
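One defensive pattern for this class of bug (CWE-502), as an added example that is neither the project's code nor its patch: decode a client-supplied cart value with a data-only format and validate it strictly, instead of passing it to unserialize(). The function name parseCartProductIds, the size limits, and the assumption that the laraCart value only needs to carry a list of product IDs are illustrative.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not taken from Ecommerce-Laravel-Bootstrap.
// Assumption: the cart value is a client-controlled string that should hold
// nothing more than a list of positive integer product ids.

// Risky pattern (CWE-502): unserialize() on client input can instantiate any
// loadable class and run its magic methods (__wakeup, __destruct, ...).
//   $ids = unserialize($rawCart);

/**
 * Decode an untrusted cart value as a JSON list of positive integer ids.
 * Any malformed or oversized input yields an empty cart.
 */
function parseCartProductIds(?string $rawCart, int $maxItems = 200): array
{
    if ($rawCart === null || $rawCart === '' || strlen($rawCart) > 8192) {
        return [];
    }
    try {
        // JSON can only produce scalars and arrays here: no PHP objects are built.
        $decoded = json_decode($rawCart, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return [];
    }
    // Require a plain list (sequential keys), bounded in length.
    if (!is_array($decoded) || $decoded !== array_values($decoded)
        || count($decoded) > $maxItems) {
        return [];
    }
    $ids = [];
    foreach ($decoded as $value) {
        if (!is_int($value) || $value < 1) {
            return []; // reject the whole cart rather than guess at intent
        }
        $ids[] = $value;
    }
    return $ids;
}

// Constructed sample inputs.
var_dump(parseCartProductIds('[3,3,17]'));            // well-formed id list
var_dump(parseCartProductIds('O:8:"stdClass":0:{}')); // serialized PHP object string
var_dump(parseCartProductIds('{"id":1}'));            // JSON map, not a list
```

Where the serialized format cannot be changed immediately, unserialize($rawCart, ['allowed_classes' => false]) at least prevents object instantiation, but the result still needs the same type and range checks.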
