6 matches found
Cezerin Unauthorized Acces
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order e.g., its payment status or shipping fee by adding additional...
CVE-2019-18608
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order e.g., its payment status or shipping fee by adding additional...
CVE-2019-18608
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order e.g., its payment status or shipping fee by adding additional...
Information disclosure
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order e.g., its payment status or shipping fee by adding additional...
CVE-2019-18608
CVE-2019-18608 affects Cezerin v0.33.0, where internal attributes can be overwritten during order processing, allowing a malicious user to modify an order (e.g., payment status or shipping fee) by injecting extra attributes in user input via PUT /ajax/cart during checkout. The issue stems from ge...
CVE-2019-18608
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order e.g., its payment status or shipping fee by adding additional...