CVE-2018-13784 - Unspecified vulnerability in Prestashop
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE

Summary
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rijndael.php, and Blowfish.php.
Vulnerable Configurations
Exploit-Db
- description: PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation. CVE-2018-13784. Webapps exploit for PHP platform
- file: exploits/php/webapps/45046.py
- id: EDB-ID:45046
- last seen: 2018-07-18
- modified: 2018-07-16
- platform: php
- port:
- published: 2018-07-16
- reporter: Exploit-DB
- source: https://www.exploit-db.com/download/45046/
- title: PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
- type: webapps

- description: PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation. CVE-2018-13784. Webapps exploit for PHP platform
- file: exploits/php/webapps/45047.txt
- id: EDB-ID:45047
- last seen: 2018-07-18
- modified: 2018-07-16
- platform: php
- port:
- published: 2018-07-16
- reporter: Exploit-DB
- source: https://www.exploit-db.com/download/45047/
- title: PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
- type: webapps
References
- http://build.prestashop.com/news/prestashop-1-7-3-4-1-6-1-20-maintenance-releases/
- https://github.com/PrestaShop/PrestaShop/pull/9218
- https://github.com/PrestaShop/PrestaShop/pull/9222
- https://www.exploit-db.com/exploits/45046/
- https://www.exploit-db.com/exploits/45047/