Vulnerability Description
In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shopizer | Shopizer | < 2.11.0 |
Related Weaknesses (CWE)
References
- https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e025PatchThird Party Advisory
- https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxThird Party Advisory
- https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e025PatchThird Party Advisory
- https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxThird Party Advisory
FAQ
What is CVE-2020-11007?
CVE-2020-11007 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes...
How severe is CVE-2020-11007?
CVE-2020-11007 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11007?
Check the references section above for vendor advisories and patch information. Affected products include: Shopizer Shopizer.