CVE-2019-16403
Published 2019-09-18
Priority: P3 · 41 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.39% (69.0th percentile)
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bagisto | bagisto | >= 0 < 0.1.5 | 0.1.5 |
| elfutils_project | elfutils | >= 0 < 0.174-r0 | 0.174-r0 |
| elfutils_project | elfutils | >= 0 < 0.176-1.1ubuntu0.1 | 0.176-1.1ubuntu0.1 |
| elfutils_project | elfutils | >= 0 < 0.158-0ubuntu5.3+esm1 | 0.158-0ubuntu5.3+esm1 |
| elfutils_project | elfutils | >= 0 < 0.165-3ubuntu1.2+esm1 | 0.165-3ubuntu1.2+esm1 |
| elfutils_project | elfutils | >= 0 < 0.170-0.4ubuntu0.1+esm1 | 0.170-0.4ubuntu0.1+esm1 |
| webkul | bagisto | < 0.1.5 | 0.1.5 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
OSV: elfutils vulnerabilities (CVE-2018-16062)
osv · 2023-08-30 · CVSS 5.5

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665)

It was discovered that elfutils incorrectly handled bounds checks in certain functions when processing malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. (CVE-2020-21047, CVE-2021-33294)
OSV: Authorization Bypass Through User-Controlled Key in Bagisto
osv · 2019-11-08 · CVE-2019-16403 [MEDIUM]
GHSA: Authorization Bypass Through User-Controlled Key in Bagisto
ghsa · 2019-11-08 · CVE-2019-16403 [MEDIUM] · CWE-639
OSV: CVE-2019-16403: In Webkul Bagisto before 0
osv · 2019-09-18 · CVSS 8.8 · CVE-2019-16403 [HIGH]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.