exploitDog

GHSA-7qf6-36gw-hmq5

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.

Ссылки

EPSS

Процентиль: 46%

0.00237

Низкий

7.5 High

CVSS3

CVE ID

Связанные уязвимости

CVE-2018-8761

CVSS3: 7.5

nvd

почти 8 лет назад

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.

EPSS

Процентиль: 46%

0.00237

Низкий

7.5 High

CVSS3

CVE ID