CVE-2018-16157
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/08/2018
Last modified:
24/08/2020
Description
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:bijiadao:waimai_super_cms:20150505:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page