PT-2002-3015 · 3D3.Com · 3D3.Com Shopfactory

Published

2002-12-31

Updated

2017-07-29

CVE-2002-2303

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: 3D3.Com ShopFactory version 5.8

Description: The issue concerns the use of client-side encryption and decryption for sensitive price data. This allows remote attackers to modify shopping cart prices by utilizing Javascript to decrypt the cookie containing the data.

Recommendations: For version 5.8, consider implementing server-side encryption to protect sensitive price data, and restrict the use of client-side Javascript for decryption purposes until a more secure method is implemented.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2002-2303

Affected Products

3D3.Com Shopfactory

PT-2002-3015 · 3D3.Com · 3D3.Com Shopfactory

CVE-2002-2303

Weakness Enumeration

Related Identifiers

Affected Products

References · 6