Date: Thu, 14 Apr 2016 13:44:36 -0400 From: Naser Farhadi <n4ser.farhadi@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: OpenCart 18.104.22.168 to 22.214.171.124 - json_decode Function Remote Code Execution Note: ----------------- Exploit only works if PHP JSON extension is not installed. > On Apr 14, 2016, at 1:26 PM, Naser Farhadi <n4ser.farhadi@...il.com> wrote: > > Hi > > OpenCart is prone to a remote code-execution vulnerability. > > https://www.exploit-db.com/exploits/39679/ <https://www.exploit-db.com/exploits/39679/> > http://seclists.org/bugtraq/2016/Apr/61 <http://seclists.org/bugtraq/2016/Apr/61> > https://github.com/opencart/opencart/issues/4220 <https://github.com/opencart/opencart/issues/4220> > > Could a CVE please be assigned to this issue? > > Regards, > Naser
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.