CVE-2025-27130

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

Related Vulnerabilities

CVE-2020-4271

MEDIUM
CVSS:6.3(Medium)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897.

CWE-5022020

CVE-2020-4280

MEDIUM
CVSS:6.3(Medium)

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function....

CWE-5022020

CVE-2020-4888

MEDIUM
CVSS:6.3(Medium)

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content...

CWE-5022020

CVE-2021-1413

MEDIUM
CVSS:6.3(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary...

CWE-5022021

CVE-2021-1414

MEDIUM
CVSS:6.3(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary...

CWE-5022021

CVE-2021-1415

MEDIUM
CVSS:6.3(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary...

CWE-5022021