CVE-2014-3990
Published
CVSS v3: N/A
CVSS v2: 7.5 (HIGH)
Affected: 1 project
Description
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
OpenCart Community Edition is an unofficial fork dedicated to backporting all the latest OpenCart bug fixes. This allows users to maintain a stable and secure store without having to wait extended periods between major releases or upgrade to an OpenCart version which may be incompatible with their extensions or themes.