{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2018-25104",
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "state": "PUBLISHED",
        "assignerShortName": "VulDB",
        "dateReserved": "2024-10-15T09:40:42.753Z",
        "datePublished": "2024-10-17T15:31:04.848Z",
        "dateUpdated": "2024-10-17T17:52:22.017Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
                "shortName": "VulDB",
                "dateUpdated": "2024-10-17T15:31:04.848Z"
            },
            "title": "CoinGate Plugin Payment callback.php postProcess logic error",
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "type": "CWE",
                            "cweId": "CWE-840",
                            "lang": "en",
                            "description": "Business Logic Errors"
                        }
                    ]
                }
            ],
            "affected": [
                {
                    "vendor": "n/a",
                    "product": "CoinGate Plugin",
                    "versions": [
                        {
                            "version": "1.2.0",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.1",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.2",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.3",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.4",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.5",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.6",
                            "status": "affected"
                        },
                        {
                            "version": "1.2.7",
                            "status": "affected"
                        }
                    ],
                    "modules": [
                        "Payment Handler"
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."
                },
                {
                    "lang": "de",
                    "value": "Eine problematische Schwachstelle wurde in CoinGate Plugin bis 1.2.7 für PrestaShop ausgemacht. Betroffen davon ist die Funktion postProcess der Datei modules/coingate/controllers/front/callback.php der Komponente Payment Handler. Dank Manipulation mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu lösen. Der Patch wird als 0a3097db0aec7c5d66686c142c6abaa1e126ca16 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."
                }
            ],
            "metrics": [
                {
                    "cvssV4_0": {
                        "version": "4.0",
                        "baseScore": 5.3,
                        "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                        "baseSeverity": "MEDIUM"
                    }
                },
                {
                    "cvssV3_1": {
                        "version": "3.1",
                        "baseScore": 4.3,
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                        "baseSeverity": "MEDIUM"
                    }
                },
                {
                    "cvssV3_0": {
                        "version": "3.0",
                        "baseScore": 4.3,
                        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                        "baseSeverity": "MEDIUM"
                    }
                },
                {
                    "cvssV2_0": {
                        "version": "2.0",
                        "baseScore": 4,
                        "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
                    }
                }
            ],
            "timeline": [
                {
                    "time": "2018-01-16T00:00:00.000Z",
                    "lang": "en",
                    "value": "Advisory disclosed"
                },
                {
                    "time": "2018-01-16T00:00:00.000Z",
                    "lang": "en",
                    "value": "Countermeasure disclosed"
                },
                {
                    "time": "2024-10-15T02:00:00.000Z",
                    "lang": "en",
                    "value": "VulDB entry created"
                },
                {
                    "time": "2024-10-15T11:46:42.000Z",
                    "lang": "en",
                    "value": "VulDB entry last update"
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "value": "VulDB GitHub Commit Analyzer",
                    "type": "tool"
                }
            ],
            "references": [
                {
                    "url": "https://vuldb.com/?id.280358",
                    "name": "VDB-280358 | CoinGate Plugin Payment callback.php postProcess logic error",
                    "tags": [
                        "vdb-entry",
                        "technical-description"
                    ]
                },
                {
                    "url": "https://vuldb.com/?ctiid.280358",
                    "name": "VDB-280358 | CTI Indicators (IOB, IOC, IOA)",
                    "tags": [
                        "signature",
                        "permissions-required"
                    ]
                },
                {
                    "url": "https://github.com/coingate/prestashop-plugin/commit/0a3097db0aec7c5d66686c142c6abaa1e126ca16",
                    "tags": [
                        "patch"
                    ]
                },
                {
                    "url": "https://github.com/coingate/prestashop-plugin/releases/tag/v1.2.8",
                    "tags": [
                        "patch"
                    ]
                }
            ]
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-10-17T17:01:49.752042Z",
                                "id": "CVE-2018-25104",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-10-17T17:52:22.017Z"
                }
            }
        ]
    }
}