CVE-2024-5230
published 2024-05-23

Priority: P3 · 47 · medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EXPLOIT
EPSS: 18.77% (96.9th percentile)

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
envaysoft | fleetcart | |
envaysoft | fleetcart | |

Detection & IOCs (extracted from sources)

url: /en/products?query=123
other: razorpayKeyId:
sigma: HTTP GET /en/products?query=123 returning body containing razorpayKeyId: AND loggedIn: AND storeName: with status 200
  • Send a GET request to /en/products?query=123 on a FleetCart instance; a vulnerable response (HTTP 200) will contain the strings 'razorpayKeyId:', 'loggedIn:', and 'storeName:' in the body, with 'razorpayKeyId:' holding a non-empty value.
  • A non-vulnerable (patched) response will contain 'razorpayKeyId: ''' (empty value); use this as a negative matcher to exclude false positives.
  • Shodan fingerprinting query for exposed FleetCart instances: html:"FleetCart"
  • The vulnerability is exploitable unauthenticated (PR:N, UI:N) via a simple GET request; no authentication or user interaction is required to leak the Razorpay payment gateway API key.
  • The leaked 'razorpayKeyId' is a Razorpay payment gateway API key embedded in redirect responses; its exposure allows attackers to identify and potentially abuse the merchant's payment integration.
  • The information disclosure occurs in redirect responses across the majority of FleetCart pages, not just the products endpoint; the products path is simply a reliable trigger for detection.
  • Affected versions are FleetCart up to and including 4.1.1; versions beyond 4.1.1 are expected to be patched.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N