Lucene search

CVE-2018-13784

🗓️ 09 Jul 2018 10:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

PrestaShop mishandles cookie encryption in certain versions

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2018-13784	9 Jul 201810:00	–	cvelist
Prion	Code injection	9 Jul 201810:29	–	prion
OSV	CVE-2018-13784	9 Jul 201810:29	–	osv
NVD	CVE-2018-13784	9 Jul 201810:29	–	nvd
0day.today	PrestaShop < 1.6.1.19 - BlowFish ECD Privilege Escalation Exploit	18 Jul 201800:00	–	zdt
0day.today	PrestaShop < 1.6.1.19 - AES CBC Privilege Escalation Exploit	18 Jul 201800:00	–	zdt

Nvd

Node

prestashop prestashopRange<1.6.1.20

prestashop prestashopRange1.7.0.0–1.7.3.4

Source	Link
exploit-db	www.exploit-db.com/exploits/45046/
github	www.github.com/PrestaShop/PrestaShop/pull/9222
exploit-db	www.exploit-db.com/exploits/45047/
github	www.github.com/PrestaShop/PrestaShop/pull/9218
build	www.build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases/

Parameter	Position	Path	Description	CWE
PrestaShop-b0ebb4f17b3e451202e5b044e29ed75d	header	/prestashop/admin177chuncw/	Exploitation of cookie vulnerability allows unauthorized access through admin session manipulation.	CWE-20, CWE-94

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Jul 2018 10:29Current

9.2High risk

Vulners AI Score9.2

CVSS26.4

CVSS39.1

EPSS0.2752