mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
138 lines
5.9 KiB
JSON
138 lines
5.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2018-25104",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "Eine problematische Schwachstelle wurde in CoinGate Plugin bis 1.2.7 f\u00fcr PrestaShop ausgemacht. Betroffen davon ist die Funktion postProcess der Datei modules/coingate/controllers/front/callback.php der Komponente Payment Handler. Dank Manipulation mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0a3097db0aec7c5d66686c142c6abaa1e126ca16 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Business Logic Errors",
|
|
"cweId": "CWE-840"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "n/a",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "CoinGate Plugin",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.3"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.4"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.5"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.6"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.7"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.280358",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.280358"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.280358",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.280358"
|
|
},
|
|
{
|
|
"url": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16"
|
|
},
|
|
{
|
|
"url": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "VulDB GitHub Commit Analyzer"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 4.3,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 4.3,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 4,
|
|
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
|
}
|
|
]
|
|
}
|
|
} |