Description

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Remediation

References

CVE-2018-13784

Related Vulnerabilities

WordPress Plugin Captcha by BestWebSoft Cross-Site Scripting (4.2.9)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7987)

SharePoint CVE-2022-44690 Vulnerability (CVE-2022-44690)

WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Security Bypass (2.7.2)

WordPress Plugin YITH WooCommerce Authorize.net Payment Gateway Security Bypass (1.1.12)

Severity

Critical

Classification

CVE-2018-13784 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities