CVE-2018-25104

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-25104

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25104.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-25104

Published

2024-10-17T16:15:03.207Z

Modified

2026-04-02T01:24:31.905996Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/coingate/prestashop-plugin

Affected ranges

Type: GIT
Repo: https://github.com/coingate/prestashop-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0a3097db0aec7c5d66686c142c6abaa1e126ca16

Type: GIT
Repo: https://github.com/coingate/prestashop-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

43c19629661066ccd56ea22ef541133d4b939714

Affected versions

v1.*

v1.1.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25104.json"