ID

VAR-201908-0649


CVE

CVE-2019-14978


TITLE

WordPress for WooCommerce PayU India Payment Gateway Plug-in input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008560

DESCRIPTION

/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker can exploit this vulnerability by tampering with the 'purchaseQuantity' parameter to change the product price.

Trust: 1.71

sources: NVD: CVE-2019-14978 // JVNDB: JVNDB-2019-008560 // VULHUB: VHN-146978

AFFECTED PRODUCTS

vendor: woocommerce, model: payu india payment gateway, scope: eq, version: 2.1.1

Trust: 1.8

sources: JVNDB: JVNDB-2019-008560 // NVD: CVE-2019-14978

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14978
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14978
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-2226
value: MEDIUM

Trust: 0.6

VULHUB: VHN-146978
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14978
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-146978
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14978
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-146978 // JVNDB: JVNDB-2019-008560 // CNNVD: CNNVD-201908-2226 // NVD: CVE-2019-14978

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-146978 // JVNDB: JVNDB-2019-008560 // NVD: CVE-2019-14978

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2226

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2226

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008560

PATCH

title: PayU India Payment Gateway, url: https://docs.woocommerce.com/document/payu-india-payment-gateway/

Trust: 0.8

title: Plugins, url: https://wordpress.org/plugins/

Trust: 0.8

sources: JVNDB: JVNDB-2019-008560

EXTERNAL IDS

db: NVD, id: CVE-2019-14978

Trust: 2.5

db: JVNDB, id: JVNDB-2019-008560

Trust: 0.8

db: CNNVD, id: CNNVD-201908-2226

Trust: 0.7

db: VULHUB, id: VHN-146978

Trust: 0.1

sources: VULHUB: VHN-146978 // JVNDB: JVNDB-2019-008560 // CNNVD: CNNVD-201908-2226 // NVD: CVE-2019-14978

REFERENCES

url: https://gkaim.com/cve-2019-14978-vikas-chaudhary/

Trust: 2.5

url: https://wpvulndb.com/vulnerabilities/9959

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-14978

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14978

Trust: 0.8

sources: VULHUB: VHN-146978 // JVNDB: JVNDB-2019-008560 // CNNVD: CNNVD-201908-2226 // NVD: CVE-2019-14978

SOURCES

db: VULHUB, id: VHN-146978
db: JVNDB, id: JVNDB-2019-008560
db: CNNVD, id: CNNVD-201908-2226
db: NVD, id: CVE-2019-14978

LAST UPDATE DATE

2024-11-23T22:11:55.893000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-146978, date: 2019-12-02T00:00:00
db: JVNDB, id: JVNDB-2019-008560, date: 2019-09-03T00:00:00
db: CNNVD, id: CNNVD-201908-2226, date: 2019-12-04T00:00:00
db: NVD, id: CVE-2019-14978, date: 2024-11-21T04:27:48.663

SOURCES RELEASE DATE

db: VULHUB, id: VHN-146978, date: 2019-08-29T00:00:00
db: JVNDB, id: JVNDB-2019-008560, date: 2019-09-03T00:00:00
db: CNNVD, id: CNNVD-201908-2226, date: 2019-08-29T00:00:00
db: NVD, id: CVE-2019-14978, date: 2019-08-29T19:15:13.773