CVE-2014-2009

Published Sep 12, 2014

Last updated 7 years ago

Overview

Description: The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:*:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12F8C60C-E478-446E-94D7-7FCA39082D57",
            "versionEndIncluding": "1.5.1"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.0:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16CADE39-61F5-400D-B1F1-FD42952593EF"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.1:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9981056-5D10-43C4-9548-26D635EB8EFF"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.2:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E86554A4-8866-49C1-8931-14B801443148"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.3:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "744BBE4B-AD9A-4305-BE17-61434C384B5D"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.4:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531A0B91-6A9C-49B8-AB4D-D05BB97A1497"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.5:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DED3BE1-A543-4E0D-8EFF-95DD0307CB3C"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.6:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "238F2321-5C2B-46A3-8074-4967AFA89AAA"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.7:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B621AF1-3FBB-401E-AFE2-606ED8F9757E"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.8:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58B3DC8F-C166-4927-80C3-20F2AA6F5FD9"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.4.9:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE324AB8-6A48-4593-BA2C-1DEC5F23C154"
          },
          {
            "criteria": "cpe:2.3:a:mpay24_project:mpay24:1.5.0:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F28994B-6847-470D-A264-E5B705FCDB83"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References