Critical severityNVD Advisory· Published Apr 16, 2020· Updated Aug 4, 2024
Negative charge in shopping cart possible in Shopizer
CVE-2020-11007
Description
In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.shopizer:sm-core-modelMaven | < 2.11.0 | 2.11.0 |
Affected products
2- Range: < 2.11.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-w8rc-pgxq-x2cjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-11007ghsaADVISORY
- github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2aghsax_refsource_MISCWEB
- github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cjghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.