Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-7441

EPSS 1.70% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-7441

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress WooCommerce PayPal Checkout Payment Gateway插件输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WooCommerce PayPal Checkout Payment Gateway是使用在其中的一个PayPal支付网关插件。 WordPress WooCommerce PayPal Checkout Payment Gateway插件1.6.8版本中的cgi-bin/webscr?cmd=_cart存在输入验证错误漏洞。攻击者可借助‘amount’参数利用该漏洞
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-7441

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-7441

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-03-20 · 38 CVEs total

CVE-2018-20634PHP Scripts Mall Advance B2B Script 缓冲区错误漏洞
CVE-2018-20643PHP Scripts Mall Entrepreneur Job Portal Script 路径遍历漏洞
CVE-2018-20642PHP Scripts Mall Entrepreneur Job Portal Script 缓冲区错误漏洞
CVE-2018-20641PHP Scripts Mall Entrepreneur Job Portal Script 跨站请求伪造漏洞
CVE-2018-20640PHP Scripts Mall Entrepreneur Job Portal Script 跨站脚本漏洞
CVE-2018-20639PHP Scripts Mall Entrepreneur Job Portal Script 跨站脚本漏洞
CVE-2018-20638PHP Scripts Mall Chartered Accountant : Auditor Website 路径遍历漏洞
CVE-2018-20637PHP Scripts Mall Chartered Accountant : Auditor Website 缓冲区错误漏洞
CVE-2018-20636PHP Scripts Mall Chartered Accountant : Auditor Website 跨站脚本漏洞
CVE-2018-20635PHP Scripts Mall Advance B2B Script 路径遍历漏洞
CVE-2018-20644PHP Scripts Mall Basic B2B Script 跨站请求伪造漏洞
CVE-2018-20633PHP Scripts Mall Advance B2B Script 跨站请求伪造漏洞
CVE-2018-20632PHP Scripts Mall Advance B2B Script 跨站脚本漏洞
CVE-2018-20631PHP Scripts Mall Website Seller Script 路径遍历漏洞
CVE-2018-20630PHP Scripts Mall Advance Crowdfunding Script 路径遍历漏洞
CVE-2018-20629PHP Scripts Mall Charity Donation Script readymadeb2bscript 路径遍历漏洞
CVE-2018-20628PHP Scripts Mall Charity Foundation Script 路径遍历漏洞
CVE-2018-20627PHP Scripts Mall Consumer Reviews Script 跨站脚本漏洞
CVE-2018-20626PHP Scripts Mall Consumer Reviews Script 路径遍历漏洞
CVE-2019-7433PHP Scripts Mall Rental Bike Script 跨站请求伪造漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-7441

No comments yet

Leave a comment