Lucene search
K

5 matches found

OSV
OSV
added 2020/04/22 8:59 p.m.24 views

GHSA-W8RC-PGXQ-X2CJ Negative charge in shopping cart in Shopizer

Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...

6.5CVSS6.4AI score0.00852EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/04/22 8:59 p.m.60 views

Negative charge in shopping cart in Shopizer

Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...

6.5CVSS2.9AI score0.00852EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2020/04/22 8:59 p.m.7 views

com.shopizer:shopizer-shipping-canadapost-module (>=0.0.1 <=2.11.0), com.shopizer:shopizer-shipping-distance-processor (=2.0.3) +1 more potentially affected by CVE-2020-11007 via com.shopizer:sm-core-model (>=2.0.2 <=2.10.0)

com.shopizer:sm-core-model MAVEN version =2.0.2, =0.0.1, =2.0.2, =2.0.3 Source cves: CVE-2020-11007 Source advisory: OSV:GHSA-W8RC-PGXQ-X2CJ...

6.5CVSS6.6AI score0.00852EPSS
Exploits0
CVE
CVE
added 2020/04/16 6:20 p.m.71 views

CVE-2020-11007

Vulnerability: CVE-2020-11007 affects Shopizer prior to v2.11.0 where negative quantities in API/Controller paths are not properly validated, leading to incorrect shopping cart totals and the possibility of a negative order total. Root cause: insufficient validation of quantity parameters. Impact...

6.5CVSS6.3AI score0.00852EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/04/16 6:20 p.m.24 views

CVE-2020-11007 Negative charge in shopping cart possible in Shopizer

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

6.5CVSS6.3AI score0.00852EPSS
Exploits0References2
Rows per page
Query Builder