PT-2018-12282 · Paymorrow · Paymorrow Module

Publicado

2018-08-20

Atualizado

2022-05-13

CVE-2018-14020

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Paymorrow module versions 1.0.0 through 1.0.1 Paymorrow module versions 2.0.0

Description The issue allows an attacker to bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. This can be done by changing the delivery address to one that is not verified by the Paymorrow module.

Recommendations For Paymorrow module versions 1.0.0 through 1.0.1, update to version 1.0.2 to resolve the issue. For Paymorrow module version 2.0.0, update to version 2.0.1 to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-14020

GHSA-489X-CCJW-Q7C4

Produtos afetados

Paymorrow Module

PT-2018-12282 · Paymorrow · Paymorrow Module

CVE-2018-14020

Identificadores relacionados

Produtos afetados

Referências · 6