protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.
References
Link | Resource |
---|---|
https://github.com/QQ704568679/-/blob/master/YXcms%20TheCode%20audit | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-19T14:00:00
Updated: 2018-03-19T13:57:01
Reserved: 2018-03-17T00:00:00
Link: CVE-2018-8761
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-19T14:29:00.410
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-8761
JSON object: View
Redhat Information
No data.
CWE