PT-2024-10622 · Unknown · Coingate Plugin
Published: 2024-10-17 · Updated: 2024-10-18 · CVE-2018-25104
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
CoinGate Plugin versions up to 1.2.7
Description
A vulnerability was found in the CoinGate Plugin, affecting the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. This issue leads to business logic errors and can be exploited remotely.
Recommendations
For CoinGate Plugin versions up to 1.2.7, upgrade to version 1.2.8 to address this issue. As a temporary workaround, consider disabling the postProcess function until the patch is applied. Restrict access to the modules/coingate/controllers/front/callback.php file to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Coingate Plugin