PT-2024-37405 · Unknown · Spa-Cartcms
Andrey Stoykov · Published 2024-06-18 · Updated 2024-09-20 · CVE-2024-6129
CVSS v3.1: 3.7 (Low)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
spa-cartcms version 1.9.0.6
Description:
A problematic issue was found in the Username Handler component, specifically in the /login file, where manipulating the email argument leads to an observable behavioral discrepancy. This issue can be exploited remotely, though with a rather high attack complexity and difficult exploitability. The exploit has been disclosed to the public.
Recommendations:
For version 1.9.0.6, consider restricting access to the /login endpoint or the email argument to minimize the risk of exploitation until a fix is available. As a temporary workaround, consider disabling the unknown function of the Username Handler component that handles the email argument.
Exploit
Fix
Side Channel Attack
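The class of issue the advisory describes (a /login handler whose behavior differs depending on whether the supplied email is registered) next to the defensive pattern that removes the discrepancy, as an added example that is not spa-cartcms code; the user store, hash scheme and response messages are constructed for illustration:

```python
import hashlib
import hmac
import os

# Constructed sample user store: email -> (salt, PBKDF2-HMAC-SHA256 hash).
# The storage format actually used by spa-cartcms is not described in the advisory.
_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


_SALT = b"constructed-salt"
USERS = {"alice@example.com": (_SALT, _hash_password("correct horse", _SALT))}

# Dummy credential so the unknown-email path performs the same amount of work.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("dummy", _DUMMY_SALT)


def login_vulnerable(email: str, password: str) -> tuple[bool, str]:
    """Vulnerable pattern: both the message and the work performed depend on
    whether the email exists, so the response reveals which accounts are registered."""
    if email not in USERS:
        return False, "unknown email"  # distinct message and no hashing at all
    salt, stored = USERS[email]
    if hmac.compare_digest(_hash_password(password, salt), stored):
        return True, "ok"
    return False, "wrong password"


def login_hardened(email: str, password: str) -> tuple[bool, str]:
    """Hardened pattern: one generic failure message, and a password-hash
    computation plus constant-time comparison on every path, so neither the
    response body nor the time taken depends on whether the email is registered."""
    salt, stored = USERS.get(email, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    # compare_digest runs unconditionally; the membership check comes second
    # so a guessed "dummy" password against an unknown email still fails.
    ok = hmac.compare_digest(candidate, stored) and email in USERS
    if ok:
        return True, "ok"
    return False, "invalid email or password"
```

The hardened handler still leaves the request-rate dimension open, so rate limiting on /login (as the recommendation above suggests for access restriction) complements the uniform response.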
Affected Products: Spa-Cartcms