CVE-2014-2009

mPAY24 <1.6 - Info Disclosure

Title source: llm

Description

The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.

Exploits (1)

exploitdb WRITEUP

by Wireghoul · textwebappsphp

https://www.exploit-db.com/exploits/34586

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95721

Exploit x_refsource_misc

http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/110738

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/34586

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Sep/23

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69560

Scores

EPSS 0.1259

EPSS Percentile 94.0%

Details

CWE

CWE-200

Status published

Products (12)

mpay24_project/mpay24 1.4.0

mpay24_project/mpay24 1.4.1

mpay24_project/mpay24 1.4.2

mpay24_project/mpay24 1.4.3

mpay24_project/mpay24 1.4.4

mpay24_project/mpay24 1.4.5

mpay24_project/mpay24 1.4.6

mpay24_project/mpay24 1.4.7

mpay24_project/mpay24 1.4.8

mpay24_project/mpay24 1.4.9

... and 2 more

Published Sep 12, 2014

Tracked Since Feb 18, 2026