CVE-2024-5230

Published: 2024-05-23
Priority: P347 · medium · CVSS 3.1 base score 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Tags: EXPLOIT
EPSS: 18.77% (96.9th percentile)
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| envaysoft | fleetcart | — | — |
| envaysoft | fleetcart | — | — |
Detection & IOCs (extracted from sources)

Sigma
Rule summary: HTTP GET /en/products?query=123 returning a 200 response whose body contains "razorpayKeyId:", "loggedIn:" and "storeName:".

- Send a GET request to /en/products?query=123 on a FleetCart instance; a vulnerable response (HTTP 200) will contain the strings 'razorpayKeyId:', 'loggedIn:', and 'storeName:' in the body, with 'razorpayKeyId:' holding a non-empty value.
- A non-vulnerable (patched) response will contain 'razorpayKeyId: ''' (empty value); use this as a negative matcher to exclude false positives.
- Shodan fingerprinting query for exposed FleetCart instances: html:"FleetCart"
- The vulnerability is exploitable unauthenticated (PR:N, UI:N) via a simple GET request; no authentication or user interaction is required to leak the Razorpay payment gateway API key.
- The leaked 'razorpayKeyId' is a Razorpay payment gateway API key embedded in redirect responses; its exposure allows attackers to identify and potentially abuse the merchant's payment integration.
- The information disclosure occurs in redirect responses across the majority of FleetCart pages, not just the products endpoint; the products path is simply a reliable trigger for detection.
- Affected versions are FleetCart up to and including 4.1.1; versions beyond 4.1.1 are expected to be patched.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Nuclei

FleetCart 4.1.1 - Information Disclosure (nuclei · CVSS 6.9)
CVE-2024-5230 [MEDIUM]

Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay" "razorpayKeyId".
Template:

```yaml
id: CVE-2024-5230

info:
  name: FleetCart 4.1.1 - Information Disclosure
  author: s4e-io
  severity: medium
  description: |
    Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay" "razorpayKeyId".
  impact: |
    Unauthenticated attackers can access sensitive configuration data including Razorpay payment gateway API keys through information disclosure in redirect responses.
  remediation: |
    Update FleetCart to a version later than 4.1.1 that addresses this information disclosure vulnerabi
```
No writeups or analysis indexed.