exploitDog

CVE-2018-8761

Опубликовано: 19 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.

Ссылки

https://github.com/QQ704568679/-/blob/master/YXcms%20TheCode%20audit
Third Party Advisory
https://github.com/QQ704568679/-/blob/master/YXcms%20TheCode%20audit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yxcms:yxcms:1.4.7:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00237

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7qf6-36gw-hmq5

CVSS3: 7.5

github

больше 3 лет назад

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.

EPSS

Процентиль: 46%

0.00237

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo