CVE-2018-14020

Опубликовано: 20 авг. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module.

Ссылки

https://bugs.oxid-esales.com/view.php?id=6801
Vendor Advisory
https://oxidforge.org/en/security-bulletin-2018-003.html
Vendor Advisory
https://bugs.oxid-esales.com/view.php?id=6801
Vendor Advisory
https://oxidforge.org/en/security-bulletin-2018-003.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:paymorrow:paymorrow:1.0.0:*:*:*:*:oxid_eshop:*:*

cpe:2.3:a:paymorrow:paymorrow:1.0.2:rc1:*:*:*:oxid_eshop:*:*

cpe:2.3:a:paymorrow:paymorrow:2.0.0:*:*:*:*:oxid_eshop:*:*

EPSS

Процентиль: 42%

0.00202

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-489x-ccjw-q7c4