Lucene search
K

69 matches found

NVD
NVD
added 2020/08/04 11:15 p.m.16 views

CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.1AI score0.00896EPSS
Exploits1References2
Prion
Prion
added 2020/08/04 11:15 p.m.14 views

Design/Logic Flaw

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5CVSS5.1AI score0.00896EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/08/04 11:15 p.m.1 views

CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.5AI score0.00896EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/08/04 11:0 p.m.79 views

CVE-2020-15109

Summary: CVE-2020-15109 affects Solidus before 2.8.6, 2.9.6, and 2.10.2, enabling a malicious customer to change the current order’s address via crafted checkout data without updating shipment costs, impacting stores with at least two shipping zones and varying zone costs. Root cause: the checkou...

5.3CVSS5.1AI score0.00896EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/04 11:0 p.m.24 views

CVE-2020-15109 Ability to change order address without triggering address validations in solidus

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...

5.3CVSS5.1AI score0.00896EPSS
Exploits1References2
OSV
OSV
added 2020/08/04 10:17 p.m.24 views

GHSA-3MVG-RRRW-M7PH Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS5AI score0.00896EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2020/08/04 10:17 p.m.50 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.1AI score0.00896EPSS
Exploits1References7Affected Software2
RubySec
RubySec
added 2020/08/04 12:0 a.m.18 views

Ability to change order address without triggering address validations in solidus

Impact This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zo...

5.3CVSS0.00896EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2018/01/05 8:30 a.m.9 views

Unauthorized API Access

solidus is vulnerable to unauthorized API access attacks. The vulnerability exists as API keys were not validated for critical endpoints such as the Api::Orderscreate endpoint...

6.8AI score
Exploits0
Rows per page
Query Builder