CVE-2022-24108
CRITICAL
So Listing Tabs module 2.2.0 for OpenCart - Code Injection
Title source: llm
Description
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.
References (4)
Core References
Product, Third Party Advisory x_refsource_misc
https://www.smartaddons.com/opencart-extensions/so-listing-tabs-responsive-opencart-30x-opencart-2x-module
Product, Third Party Advisory x_refsource_misc
https://codecanyon.net/item/so-listing-tabs-responsive-opencart-module/12388133
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2022/May/30
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/167197/OpenCart-So-Listing-Tabs-2.2.0-Unsafe-Deserialization.html
Scores
CVSS v3
9.8
EPSS
0.3296
EPSS Percentile
98.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
skyoftech/so_listing_tabs
2.2.0
Published
May 17, 2022
Tracked Since
Feb 18, 2026