CVE-2018-13784

Published: 09/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 651
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Vulnerable Product

prestashop prestashop

Exploits

exploit.py:

#!/usr/bin/env python3
# PrestaShop <= 1.6.1.19 Privilege Escalation
# Charles Fol
# 2018-07-10
#
# See ambionics.io/blog/prestashop-privilege-escalation
#
# The condition for this exploit to work is for an employee to have the same
# password as a customer. The exploit will yield a valid employee cookie for ...

#!/usr/bin/env python3
# PrestaShop <= 1.6.1.19 AES (Rijndael) / openssl_encrypt() Cookie Read
# Charles Fol
#
# See ambionics.io/blog/prestashop-privilege-escalation
#
# This POC will reveal the content of an employee's cookie.
# By modifying it one can read/write any PrestaShop cookie.
# It is a simple padding oracle implementation.
# ...

Github Repositories

1000+ GitHub Security Resource Collection Repos

All collection projects: all collected open-source tools: sec-tool-list: over 18K entries, in both Markdown and JSON formats. Security resource collection repos: 1000+ GitHub repos collecting security resources of all kinds. Reverse-engineering resources for all platforms: Windows platform security: PE/DLL/DLL-Injection/Dll-Hijack/Dll-Load/UAC-Bypass/Sysmon/AppLocker/ETW/WSL/NET/Process-Injection/Code-Injection/DEP/Kernel/ Linux security: ELF/

Collection of exploits/POCs for PrestaShop cookie vulnerabilities (CVE-2018-13784)

prestashop-exploits: Collection of exploits/POCs for PrestaShop cookie vulnerabilities (CVE-2018-13784). Refer to ambionics.io/blog/prestashop-privilege-escalation for details.