Vulnerabilities > CVE-2014-4962 - Numeric Errors vulnerability in Shopizer 1.1.5

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

shopizer

CWE-189

exploit available

NVD

Published: 2014-07-15

Updated: 2018-10-09

Summary

Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.

Vulnerable Configurations

Part	Description	Count
Application	Shopizer Shopizer Shopizer 1.1.5	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Shopizer 1.1.5 - Multiple Vulnerabilities. CVE-2014-4962,CVE-2014-4963,CVE-2014-4964,CVE-2014-4965. Webapps exploit for php platform
id	EDB-ID:34062
last seen	2016-02-03
modified	2014-07-14
published	2014-07-14
reporter	SEC Consult
source	https://www.exploit-db.com/download/34062/
title	Shopizer 1.1.5 - Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References