CVE-2018-5190 Information

Description

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie related to pc_head.php pc_login.php and pc_login_page.php.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://brianmccarthytech.blogspot.co.nz/2018/04/cve-2018-5190.html https://www.picturespro.com/support-forum/photo-cart/?t=38346-security-patch-for-photo-cart-2018

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8