Описание
Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.5 (включая)
cpe:2.3:a:shopizer:shopizer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03733
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-189
Связанные уязвимости
github
больше 3 лет назад
Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.
EPSS
Процентиль: 88%
0.03733
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-189