CVE-2019-14978

Published: Aug 29, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.

Affected (1)

Products: Woocommerce: Payu India Payment Gateway

Woocommerce

1 product

Payu India Payment Gateway

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Woocommerce Payu India Payment Gateway	Version 2.1.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://gkaim.com/cve-2019-14978-vikas-chaudhary/

Source: cve@mitre.org

ExploitThird Party Advisory

https://wpvulndb.com/vulnerabilities/9959

Source: cve@mitre.org

https://gkaim.com/cve-2019-14978-vikas-chaudhary/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpvulndb.com/vulnerabilities/9959

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.