JVN#55389065: CS-Cart add-on "Twigmo" vulnerable to PHP object injection

Overview

CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability.

Products Affected

"Twigmo" bundled with CS-Cart v4.3.9 and earlier
"Twigmo" bundled with CS-Cart Multi-Vendor v4.3.9 and earlier

Description

CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized.

Impact

A remote attacker may execute arbitrary PHP code.

Solution

Edit twigmo.php
This vulnerability can be addressed by deleting or commenting out the following part of the "Twigmo" add-on's file app/addons/twigmo/controllers/backend/twigmo.php:

$_REQUEST['status'] = unserialize($_REQUEST['status']);

Vendor Status

Vendor	Link
Frogman Office Inc.	[CVE-2016-4862] Regarding the PHP object injection vulnerability in CS-Cart add-on "Twigmo"
Simtech Ltd.	Top Page

References

JPCERT/CC Addendum

Twigmo is developed/distributed by Simtech Ltd. A localized version for Japan is distributed by Frogman Office Inc.
A Japanese advisory has been released by Frogman Office Inc. on September 14, 2016. Simtech Ltd. will release an advisory at a later time.

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Base Score: 6.0

Attack Vector(AV)	Physical (P)	Local (L)	Adjacent (A)	Network (N)
Attack Complexity(AC)	High (H)	Low (L)
Privileges Required(PR)	High (H)	Low (L)	None (N)
User Interaction(UI)	Required (R)	None (N)
Scope(S)	Unchanged (U)	Changed (C)
Confidentiality Impact(C)	None (N)	Low (L)	High (H)
Integrity Impact(I)	None (N)	Low (L)	High (H)
Availability Impact(A)	None (N)	Low (L)	High (H)

CVSS v2 AV:N/AC:M/Au:S/C:P/I:P/A:P