6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-11007

GHSA ID

GHSA-w8rc-pgxq-x2cj

EPSS Score

0.42879%

CWE

CWE-20

Published

4/22/2020

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-11007

CVE-2020-11007: Negative charge in shopping cart in Shopizer

Impact

Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total.

Patches

Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0

Workarounds

Without uprading, it's possible to just apply the fixes in the same files it's done for the patch. Or you use javax constraint validation on the quantity parameter.

References

Input Validation Using bean validation constraint Commits with fixes CVE Details below : Mitre NVD

Credits

Found and solved by Yannick Gosset from Aix-Marseille University cybersecurity master program supervised by Yassine Ilmi

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-11007

GHSA ID

GHSA-w8rc-pgxq-x2cj

EPSS Score

0.42879%

CWE

CWE-20

Published

4/22/2020

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.shopizer:sm-core-model	maven	< 2.11.0	2.11.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical validation checks for quantity <1 were added in two methods: 1) addItemsToShoppingCart (line 111) and 2) addToCart with Customer parameter (line 917). These functions previously accepted negative quantities without validation, enabling cart/order total manipulation. The direct correlation between the vulnerability description (negative quantity impact) and these patched methods indicates they were the vulnerable entry points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Usin* *PI or *ontroll*r **s** v*rsions n***tiv* qu*ntity is not ***qu*t*ly v*li**t** **n** *r**tin* in*orr**t s*oppin* **rt *n* or**r tot*l. ### P*t***s ***in* * ***k-*n* v*ri*i**tion to ****k t**t qu*ntity p*r*m*t*r isn't n***tiv*. I* s

Reasoning

T** *ommit *i** s*ows *riti**l v*li**tion ****ks *or qu*ntity <* w*r* ***** in two m*t*o*s: *) `***It*msToS*oppin***rt` (lin* ***) *n* *) `***To**rt` wit* *ustom*r p*r*m*t*r (lin* ***). T**s* *un*tions pr*viously ****pt** n***tiv* qu*ntiti*s wit*out

6.5

Basic Information

Concerned about an active attack path?

CVE-2020-11007: Negative charge in shopping cart in Shopizer

Impact

Patches

Workarounds

References

Credits

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI