Vulnerabilities > CVE-2014-4962 - Numeric Errors vulnerability in Shopizer 1.1.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

shopizer

CWE-189

exploit available

NVD

Published: 2014-07-15

Updated: 2024-11-21

Summary

Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.

Vulnerable Configurations

Part	Description	Count
Application	Shopizer Shopizer Shopizer 1.1.5	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Shopizer 1.1.5 - Multiple Vulnerabilities. CVE-2014-4962,CVE-2014-4963,CVE-2014-4964,CVE-2014-4965. Webapps exploit for php platform
id	EDB-ID:34062
last seen	2016-02-03
modified	2014-07-14
published	2014-07-14
reporter	SEC Consult
source	https://www.exploit-db.com/download/34062/
title	Shopizer 1.1.5 - Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References