CVE-2024-1258

Published Feb 6, 2024

Last updated 6 months ago

Overview

Description: A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.
Source: cna@vuldb.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Secondary
Base score: 1.8
Impact score: 2.9
Exploitability score: 3.2
Vector string: AV:A/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

cna@vuldb.com: CWE-321

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:juanpao:jpshop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36995D4D-14EF-451E-9C08-19CD2AAB3C6D",
            "versionEndIncluding": "1.5.02"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References