PT-2024-38057 · Unknown · Ecommerce-Laravel-Bootstrap

Remhopster · Published 2024-07-24 · Updated 2024-07-26 · CVE-2024-7067

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: kirilkirkov Ecommerce-Laravel-Bootstrap up to commit 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87

Description: A critical issue has been found in the function getCartProductsIds of the file app/Cart.php. Manipulation of the argument laraCart leads to deserialization of untrusted data. The issue can be exploited remotely, and the exploit has been publicly disclosed and may be used.

Recommendations: To fix this issue, apply the patch, specifically commit a02111a674ab49f65018b31da3011b1e396f59b1. As a temporary workaround, consider disabling the getCartProductsIds function until a patch is available. Restrict access to the app/Cart.php file to minimize the risk of exploitation, and avoid using the argument laraCart until the issue is resolved.

References: Exploit, Fix

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2024-7067

Affected Products: Ecommerce-Laravel-Bootstrap