cve/2018/CVE-2018-13784.md

CVE-2018-13784

Description

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

POC

Reference

• https://www.exploit-db.com/exploits/45046/
• https://www.exploit-db.com/exploits/45047/

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/ambionics/prestashop-exploits
• https://github.com/zapalm/prestashop-security-vulnerability-checker