← Back

CVE-2025-27130

nvd nist
Published: Apr 1, 2025Modified: Jul 8, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

Affected (1)

Welcart
1 product
Welcart E Commerce
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Welcart E Commerce
Up to 2.11.6

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Release Notes

Timeline

No history available yet.