mpay24- PrestaShop module vulnerability (CVE-2014-2009)
Modulempay24
Score
5 MediumDate publish
12-09-2014Versiones afectadas
- Up to and including 1.5.1
- Versions from 1.4.0 up to and including 1.4.0
- Versions from 1.4.1 up to and including 1.4.1
- Versions from 1.4.2 up to and including 1.4.2
- Versions from 1.4.3 up to and including 1.4.3
- Versions from 1.4.4 up to and including 1.4.4
- Versions from 1.4.5 up to and including 1.4.5
- Versions from 1.4.6 up to and including 1.4.6
- Versions from 1.4.7 up to and including 1.4.7
- Versions from 1.4.8 up to and including 1.4.8
- Versions from 1.4.9 up to and including 1.4.9
- Versions from 1.5.0 up to and including 1.5.0
Description
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.References
Metrics
| cvssMetricV2 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| source | nvd@nist.gov | ||||||||||
| type | Primary | ||||||||||
| version | 2.0 | ||||||||||
| vectorString | AV:N/AC:L/Au:N/C:P/I:N/A:N | ||||||||||
| baseScore | 5 | ||||||||||
| accessVector | NETWORK | ||||||||||
| accessComplexity | LOW | ||||||||||
| authentication | NONE | ||||||||||
| confidentialityImpact | PARTIAL | ||||||||||
| integrityImpact | NONE | ||||||||||
| availabilityImpact | NONE | ||||||||||
| baseSeverity | MEDIUM | ||||||||||
| exploitabilityScore | 10 | ||||||||||
| impactScore | 2.9 | ||||||||||
| acInsufInfo | False | ||||||||||
| obtainAllPrivilege | False | ||||||||||
| obtainUserPrivilege | False | ||||||||||
| obtainOtherPrivilege | False | ||||||||||
| userInteractionRequired | False | ||||||||||