CVE-2018-25104

A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16
https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8
https://vuldb.com/?ctiid.280358
https://vuldb.com/?id.280358

Configurations

No configuration.

History

18 Oct 2024, 12:52

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad en el complemento CoinGate hasta la versión 1.2.7 de PrestaShop. Se ha calificado como problemática. La función postProcess del archivo modules/coingate/controllers/front/callback.php del componente Payment Handler se ve afectada por este problema. La manipulación provoca errores de lógica empresarial. El ataque puede iniciarse de forma remota. La actualización a la versión 1.2.8 puede solucionar este problema. El parche se identifica como 0a3097db0aec7c5d66686c142c6abaa1e126ca16. Se recomienda actualizar el componente afectado.

17 Oct 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-17 16:15

Updated : 2024-10-18 12:52

NVD link : CVE-2018-25104

Mitre link : CVE-2018-25104

CVE.ORG link : CVE-2018-25104

JSON object : View

Products Affected

No product.

CWE

CWE-840

Business Logic Errors

{"id": "CVE-2018-25104", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-17T16:15:03.207", "references": [{"url": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16", "source": "cna@vuldb.com"}, {"url": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.280358", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.280358", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-840"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en el complemento CoinGate hasta la versi\u00f3n 1.2.7 de PrestaShop. Se ha calificado como problem\u00e1tica. La funci\u00f3n postProcess del archivo modules/coingate/controllers/front/callback.php del componente Payment Handler se ve afectada por este problema. La manipulaci\u00f3n provoca errores de l\u00f3gica empresarial. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.2.8 puede solucionar este problema. El parche se identifica como 0a3097db0aec7c5d66686c142c6abaa1e126ca16. Se recomienda actualizar el componente afectado."}], "lastModified": "2024-10-18T12:52:33.507", "sourceIdentifier": "cna@vuldb.com"}