1. CVE-Search
  2. CVE-2013-0118
ID CVE-2013-0118
Summary CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
References
Vulnerable Configurations
  • cpe:2.3:a:cs-cart:cs-cart:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:.1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:.1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:.1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:.1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:.1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:.1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cs-cart:cs-cart:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:cs-cart:cs-cart:3.0.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-02-2013 - 05:00)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
cert-vn VU#583564
confirm http://www.kb.cert.org/vuls/id/BLUU-949PQL
Last major update 25-02-2013 - 05:00
Published 24-02-2013 - 11:48
Last modified 25-02-2013 - 05:00
Back to Top