PT-2018-12282 · Paymorrow · Paymorrow Module

Published: 2018-08-20 · Updated: 2022-05-13 · CVE-2018-14020

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Paymorrow module versions 1.0.0 through 1.0.1
Paymorrow module versions 2.0.0

Description

The issue allows an attacker to bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. This can be done by changing the delivery address to one that is not verified by the Paymorrow module.

Recommendations

For Paymorrow module versions 1.0.0 through 1.0.1, update to version 1.0.2 to resolve the issue.
For Paymorrow module version 2.0.0, update to version 2.0.1 to resolve the issue.


Related Identifiers

CVE-2018-14020
GHSA-489X-CCJW-Q7C4

Affected Products

Paymorrow Module