PT-2019-13908 · Woocommerce · Woocommerce Payu India Payment Gateway

Published: 2019-08-29 · Updated: 2019-12-02 · CVE-2019-14978

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WooCommerce PayU India Payment Gateway plugin version 2.1.1

Description

The issue allows purchaseQuantity=1 parameter tampering in the /payu/icpcheckout/ endpoint, enabling the purchase of an item for a lower price than intended.

Recommendations

For WooCommerce PayU India Payment Gateway plugin version 2.1.1, consider disabling the /payu/icpcheckout/ endpoint until a patch is available to prevent parameter tampering. Avoid using the purchaseQuantity parameter in the affected endpoint until the issue is resolved.

Weakness Enumeration

Related identifiers

CVE-2019-14978

Affected products

Woocommerce Payu India Payment Gateway