CVE-2018-14020: Improper Input Validation

August 20, 2018 (updated October 3, 2019)

An issue was discovered in the Paymorrow module for OXID eShop. An attacker can bypass delivery-address change detection if the payment module does not use eShop`s checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module.

References

bugs.oxid-esales.com/view.php?id=6801
nvd.nist.gov/vuln/detail/CVE-2018-14020
oxidforge.org/en/security-bulletin-2018-003.html

Detect and mitigate CVE-2018-14020 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →