CVE-2018-14020: Paymorrow Improper Input Validation vulnerability
CVSS Score: 5.3 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.42752%
CWE: -
Published: 5/13/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
oxid-esales/paymorrow-module | composer | >= 1.0.0, < 1.0.2 | 1.0.2 |
oxid-esales/paymorrow-module | composer | >= 2.0.0, < 2.0.1 | 2.0.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability descriptions indicate a logic flaw in how the Paymorrow module interacts with OXID eShop's checkout procedure, but no specific function names or code patterns are disclosed in the available references. The core issue appears to be a missing validation step when handling delivery address changes, potentially in payment processing workflows. However, without access to the original codebase, patch diffs, or explicit documentation of affected functions (which are not present in GHSA/NVD descriptions), we cannot confidently identify specific vulnerable functions. The vulnerability stems from architectural integration flaws rather than isolated function-level weaknesses.