1. Home
  2. Vulnerabilities
  3. CVE-2020-11007

CVE-2020-11007

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.05 % (20th)
0.05% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2020-04-16 19:15:26
(4 years ago)
Updated Date
2020-04-29 14:13:03
(4 years ago)

Affected Products

Shopizer

Configuration #1

    CPE23 From Up To
  Shopizer prior 2.11.0 version cpe:2.3:a:shopizer:shopizer < 2.11.0