Vulnerabilities > CVE-2018-13784 - Unspecified vulnerability in Prestashop

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
prestashop
critical
exploit available
NVD
Published: 2018-07-09
Updated: 2019-10-03

Summary

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Vulnerable Configurations

Part Description Count
Application
Prestashop
151

Exploit-Db

  • descriptionPrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation. CVE-2018-13784. Webapps exploit for PHP platform
    fileexploits/php/webapps/45046.py
    idEDB-ID:45046
    last seen2018-07-18
    modified2018-07-16
    platformphp
    port
    published2018-07-16
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45046/
    titlePrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
    typewebapps
  • descriptionPrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation. CVE-2018-13784. Webapps exploit for PHP platform
    fileexploits/php/webapps/45047.txt
    idEDB-ID:45047
    last seen2018-07-18
    modified2018-07-16
    platformphp
    port
    published2018-07-16
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/45047/
    titlePrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
    typewebapps

References