Description

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Remediation

References

CVE-2018-13784

Related Vulnerabilities

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20035)

Apache HTTP Server Use After Free Vulnerability (CVE-2019-0196)

WordPress Plugin Divi Builder Security Bypass (1.2.3)

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-23450)

WordPress Plugin VDZ CallBack Cross-Site Scripting (1.14.5)

Severity

Critical

Classification

CVE-2018-13784 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities