CVE-2020-37168— Ecommerce Systempay 1.0 Production Key Brute Force
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application T1552.004 · Private KeysAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Paiement | Ecommerce Systempay | 1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-37168
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ecommerce Systempay 1.0 Production Key Brute Force
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct production key, enabling them to forge valid payment signatures and manipulate transaction amounts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可逆的单向哈希
Source: NVD (National Vulnerability Database)
Vulnerability Title
Paiement Ecommerce Systempay 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Paiement Ecommerce Systempay是法国Paiement公司的一个电子商务在线支付平台。 Paiement Ecommerce Systempay 1.0版本存在安全漏洞,该漏洞源于弱加密实现,可能导致攻击者暴力破解用于支付签名生成的16字符生产密钥,从而伪造有效支付签名并操纵交易金额。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Paiement | Ecommerce Systempay | 1.0 | - |
II. Public POCs for CVE-2020-37168
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-37168
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-328
- CVE-2026-8803
opensourcepos Open Source Point of Sale Employee Login Emplo - CVE-2026-44582
Next.js: Cache poisoning via collisions in React Server Comp - CVE-2026-34527
Sandboxie-Plus EditPassword hash entropy reduced from 160 bi - CVE-2026-7845
chatchat-space Langchain-Chatchat Vision Chat Paste Image di - CVE-2026-7103
code-projects Chat System MD5 Hash update_user.php weak hash
V. Comments for CVE-2020-37168
No comments yet