CVE-2018-25104

Oct. 18, 2024, 12:52 p.m.

4.3
Medium

Description

A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component.

Product(s) Impacted

Product Versions
PrestaShop CoinGate Plugin
  • ['up to 1.2.7']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-840
None
None

References

https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16
https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8
https://vuldb.com/?ctiid.280358
https://vuldb.com/?id.280358

Tags

cna@vuldb.com
CWE-840
2024-10-17
CVE-2018-25104

CVSS Score

4.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    View Vector String

Timeline

Published: Oct. 17, 2024, 4:15 p.m.
Last Modified: Oct. 18, 2024, 12:52 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.