CVE-2024-6128
MEDIUMDescription
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268895.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| spa-cart | spa-cartcms |
References
Exploits
Frequently Asked Questions
What is CVE-2024-6128? +
How severe is CVE-2024-6128? +
What products are affected by CVE-2024-6128? +
How do I check if I'm vulnerable to CVE-2024-6128? +
Related Vulnerabilities
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous …
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status …
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful …
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful …
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the …
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a …