5.3
CVE-2019-14978
- EPSS 0.19%
- Veröffentlicht 29.08.2019 19:15:13
- Zuletzt bearbeitet 21.11.2024 04:27:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWooCommerce PayU India <= 2.1.1 - Improper Input Validation
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.
Mögliche Gegenmaßnahme
WooCommerce PayU India (PayUmoney – PayUbiz): No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooCommerce PayU India (PayUmoney – PayUbiz)
Version
* - 2.1.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Woocommerce ≫ Payu India Payment Gateway Version2.1.1 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.407 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.