exploitDog

CVE-2018-13784

Опубликовано: 09 июл. 2018

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Средний

Описание

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Ссылки

http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases/
Vendor Advisory
https://github.com/PrestaShop/PrestaShop/pull/9218
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/pull/9222
Third Party Advisory
https://www.exploit-db.com/exploits/45046/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45047/
Exploit
Third Party Advisory
VDB Entry
http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases/
Vendor Advisory
https://github.com/PrestaShop/PrestaShop/pull/9218
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/pull/9222
Third Party Advisory
https://www.exploit-db.com/exploits/45046/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45047/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия до 1.6.1.20 (исключая)

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.7.0.0 (включая) до 1.7.3.4 (исключая)

EPSS

Процентиль: 98%

0.49531

Средний

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-x435-2gv7-whj6

CVSS3: 9.1

github

больше 3 лет назад

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

EPSS

Процентиль: 98%

0.49531

Средний

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo