PT-2024-27453 · Aimeos · Aimeos Html Client
Ssshah2131
·
Published
2024-06-05
·
Updated
2024-06-13
·
CVE-2024-37296
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Aimeos HTML client versions 2020.04.1 through 2020.10.26
Aimeos HTML client versions prior to 2021.10.21
Aimeos HTML client versions prior to 2022.10.12
Aimeos HTML client versions prior to 2023.10.14
Aimeos HTML client versions prior to 2024.04.5
Description
The issue allows digital downloads sold in online shops to be downloaded without valid payment, for example, if the payment did not succeed.
Recommendations
For versions 2020.04.1 through 2020.10.26, update to version 2020.10.27 or later.
For versions prior to 2021.10.21, update to version 2021.10.21 or later.
For versions prior to 2022.10.12, update to version 2022.10.12 or later.
For versions prior to 2023.10.14, update to version 2023.10.14 or later.
For versions prior to 2024.04.5, update to version 2024.04.5 or later.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aimeos Html Client