Description
A vulnerability was found in MaxD Lightning Module 4.43/4.44 on OpenCart. It affects some unknown processing. Manipulating the argument li_op/md can lead to deserialization. The attack can be launched remotely, but it requires a high level of complexity and exploitability is assessed as difficult. The exploit has been publicly disclosed and may be used. Upgrading to version 4.45 addresses this issue; upgrading the affected component is advised.
References (8)
VDB Entry, Technical Description: VDB-294365 | MaxD Lightning Module deserialization
https://vuldb.com/vuln/294365
Signature, Permissions Required: VDB-294365 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/294365/cti
Third Party Advisory: Submit #489672 | devs.mx OpenCart Lightning 4.43 Deserialization of Untrusted Data
https://vuldb.com/submit/489672
Patch:
https://lightning.devs.mx/download
Permissions Required, VDB Entry:
https://vuldb.com/?ctiid.294365
Permissions Required, VDB Entry:
https://vuldb.com/?id.294365
Permissions Required, VDB Entry:
https://vuldb.com/?submit.489672
Various Sources (exploit):
https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e
Scores
CVSS v3: 5.0
EPSS: 0.0040
EPSS Percentile: 31.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-20, CWE-502
Status: published
Products (3)
MaxD/Lightning Module 4.43
MaxD/Lightning Module 4.44
MaxD/Lightning Module 4.45
Published: Feb 03, 2025
Tracked Since: Feb 18, 2026