{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2018-25104", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-15T09:40:42.753Z", "datePublished": "2024-10-17T15:31:04.848Z", "dateUpdated": "2024-10-17T17:52:22.017Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-17T15:31:04.848Z"}, "title": "CoinGate Plugin Payment callback.php postProcess logic error", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-840", "lang": "en", "description": "Business Logic Errors"}]}], "affected": [{"vendor": "n/a", "product": "CoinGate Plugin", "versions": [{"version": "1.2.0", "status": "affected"}, {"version": "1.2.1", "status": "affected"}, {"version": "1.2.2", "status": "affected"}, {"version": "1.2.3", "status": "affected"}, {"version": "1.2.4", "status": "affected"}, {"version": "1.2.5", "status": "affected"}, {"version": "1.2.6", "status": "affected"}, {"version": "1.2.7", "status": "affected"}], "modules": ["Payment Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in CoinGate Plugin bis 1.2.7 f\u00fcr PrestaShop ausgemacht. Betroffen davon ist die Funktion postProcess der Datei modules/coingate/controllers/front/callback.php der Komponente Payment Handler. Dank Manipulation mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0a3097db0aec7c5d66686c142c6abaa1e126ca16 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2018-01-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2018-01-16T00:00:00.000Z", "lang": "en", "value": "Countermeasure disclosed"}, {"time": "2024-10-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-15T11:46:42.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.280358", "name": "VDB-280358 | CoinGate Plugin Payment callback.php postProcess logic error", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280358", "name": "VDB-280358 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16", "tags": ["patch"]}, {"url": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T17:01:49.752042Z", "id": "CVE-2018-25104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T17:52:22.017Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-17T17:01:49.752042Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T17:01:57.473Z"}}], "cna": {"title": "CoinGate Plugin Payment callback.php postProcess logic error", "credits": [{"lang": "en", "type": "tool", "value": "VulDB GitHub Commit Analyzer"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "n/a", "modules": ["Payment Handler"], "product": "CoinGate Plugin", "versions": [{"status": "affected", "version": "1.2.0"}, {"status": "affected", "version": "1.2.1"}, {"status": "affected", "version": "1.2.2"}, {"status": "affected", "version": "1.2.3"}, {"status": "affected", "version": "1.2.4"}, {"status": "affected", "version": "1.2.5"}, {"status": "affected", "version": "1.2.6"}, {"status": "affected", "version": "1.2.7"}]}], "timeline": [{"lang": "en", "time": "2018-01-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2018-01-16T00:00:00.000Z", "value": "Countermeasure disclosed"}, {"lang": "en", "time": "2024-10-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-10-15T11:46:42.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.280358", "name": "VDB-280358 | CoinGate Plugin Payment callback.php postProcess logic error", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280358", "name": "VDB-280358 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16", "tags": ["patch"]}, {"url": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in CoinGate Plugin bis 1.2.7 f\u00fcr PrestaShop ausgemacht. Betroffen davon ist die Funktion postProcess der Datei modules/coingate/controllers/front/callback.php der Komponente Payment Handler. Dank Manipulation mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0a3097db0aec7c5d66686c142c6abaa1e126ca16 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-840", "description": "Business Logic Errors"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-17T15:31:04.848Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25104", "state": "PUBLISHED", "dateUpdated": "2024-10-17T17:52:22.017Z", "dateReserved": "2024-10-15T09:40:42.753Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-10-17T15:31:04.848Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en el complemento CoinGate hasta la versi\u00f3n 1.2.7 de PrestaShop. Se ha calificado como problem\u00e1tica. La funci\u00f3n postProcess del archivo modules/coingate/controllers/front/callback.php del componente Payment Handler se ve afectada por este problema. La manipulaci\u00f3n provoca errores de l\u00f3gica empresarial. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.2.8 puede solucionar este problema. El parche se identifica como 0a3097db0aec7c5d66686c142c6abaa1e126ca16. Se recomienda actualizar el componente afectado."}], "id": "CVE-2018-25104", "lastModified": "2024-10-18T12:52:33.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-10-17T16:15:03.207", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16"}, {"source": "cna@vuldb.com", "url": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.280358"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.280358"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-840"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}