Vulnerability CVE-2018-13784
Published: 2018-07-09

Description:
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Prestashop -> Prestashop 

 References:
http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases/
https://github.com/PrestaShop/PrestaShop/pull/9218
https://github.com/PrestaShop/PrestaShop/pull/9222
https://www.exploit-db.com/exploits/45046/
https://www.exploit-db.com/exploits/45047/
Copyright 2024, cxsecurity.com

 

Back to Top