Описание
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-13784
- https://github.com/PrestaShop/PrestaShop/pull/9218
- https://github.com/PrestaShop/PrestaShop/pull/9222
- https://www.exploit-db.com/exploits/45046
- https://www.exploit-db.com/exploits/45047
- http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases
Связанные уязвимости
CVSS3: 9.1
nvd
больше 7 лет назад
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.