3 matches found
CVE-2019-18608
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order e.g., its payment status or shipping fee by adding additional...
CVE-2019-18608
creationtimestamp| type| source ---|---|--- 2024-01-29 17:46:04+00:00| seen| https://t.me/ctinow/175425...
CVE-2019-18608
CVE-2019-18608 affects Cezerin v0.33.0, where internal attributes can be overwritten during order processing, allowing a malicious user to modify an order (e.g., payment status or shipping fee) by injecting extra attributes in user input via PUT /ajax/cart during checkout. The issue stems from ge...