CVE-2020-11007

Published: Apr 16, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.

Affected (1)

Products: Shopizer: Shopizer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shopizer Shopizer	Before 2.11.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj

Source: security-advisories@github.com

Third Party Advisory

https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.