Critical severityNVD Advisory· Published Apr 16, 2020· Updated Aug 4, 2024
Negative charge in shopping cart possible in Shopizer
CVE-2020-11007
Description
In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.shopizer:sm-core-modelMaven | < 2.11.0 | 2.11.0 |
Affected products
1- Range: < 2.11.0
Patches
1929ca0839a80Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-w8rc-pgxq-x2cjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-11007ghsaADVISORY
- github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2aghsax_refsource_MISCWEB
- github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cjghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.