PT-2013-3150 · Cubecart · Cubecart

Egidio Romano

Published: 2013-02-08 · Updated: 2024-01-09 · CVE-2013-1465

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: CubeCart versions 5.0.0 through 5.2.0

Description: The issue allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter. This can be used to modify the application configuration using the Config object.

Recommendations: For CubeCart versions 5.0.0 through 5.2.0, consider disabling the Cubecart::basket method until a patch is available. Restrict access to the classes/cubecart.class.php file to minimize the risk of exploitation. Avoid using the shipping parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
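The weakness described above is the generic PHP pattern of passing a request parameter straight to unserialize(), which lets the sender pick the class and every property of the resulting object. The following is an added illustration written for this advisory, not CubeCart's code: the Config class, the shipping field names and the function names are hypothetical stand-ins, and the hardened variant shows the allowed_classes option (PHP 7.0+) together with shape validation.

```php
<?php
// Added illustration (not CubeCart code). Class, parameter and function
// names are hypothetical; only the unserialize() behaviour is real.

// Stand-in for an application configuration object whose state must
// never be attacker-controlled.
class Config
{
    public array $settings = ['admin_email' => 'ops@example.test'];
}

// Vulnerable pattern: the serialized blob comes straight from the request,
// so the sender chooses both the class and every property value.
function loadShippingUnsafe(string $shipping): mixed
{
    return unserialize($shipping); // any class, any properties
}

// Hardened pattern: no objects may be instantiated at all (an object in
// the input becomes __PHP_Incomplete_Class and fails the is_array check),
// and the decoded array must match the shape the application expects.
function loadShippingSafe(string $shipping): ?array
{
    $data = @unserialize($shipping, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null;
    }
    if (!isset($data['method'], $data['cost'])
        || !is_string($data['method']) || !is_numeric($data['cost'])) {
        return null;
    }
    return ['method' => $data['method'], 'cost' => (float) $data['cost']];
}

// Constructed sample inputs: a legitimate shipping selection, and a
// serialized Config object whose settings differ from the defaults.
$legit = serialize(['method' => 'Standard', 'cost' => '4.99']);
$cfg = new Config();
$cfg->settings['admin_email'] = 'changed@example.test';
$objectInput = serialize($cfg);

var_dump(loadShippingUnsafe($objectInput) instanceof Config); // bool(true): caller-chosen object created
var_dump(loadShippingSafe($objectInput));                     // NULL: object input rejected
var_dump(loadShippingSafe($legit));                           // array(2) { ["method"]=> "Standard", ["cost"]=> 4.99 }
```

Where the data only ever needs scalars and arrays, json_decode() with an explicit schema check removes the object-instantiation path entirely and is the preferable fix.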

Exploit

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2013-1465

Affected Products: Cubecart