The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address.
History
21 Nov 2024, 04:59
Type | Values Removed | Values Added
---|---|---
References | http://packetstormsecurity.com/files/157534/xt-Commerce-5.4.1-6.2.1-6.2.2-Improper-Access-Control.html - Exploit, Third Party Advisory, VDB Entry | 
References | http://seclists.org/fulldisclosure/2020/May/0 - Exploit, Mailing List, Patch, Third Party Advisory | 
References | https://helpdesk.xt-commerce.com/index.php?/Knowledgebase/Article/View/1784/294/adressbuch-sicherheitspatch-17042020-fr-xtcommerce-51-bis-622 - Patch, Vendor Advisory | 
References | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-012.txt - Exploit, Patch, Third Party Advisory | 
19 Mar 2024, 18:04
Type | Values Removed | Values Added
---|---|---
CPE | cpe:2.3:a:xt-commerce:xt-commerce:*:*:*:*:*:*:*:* | 
References | http://packetstormsecurity.com/files/157534/xt-Commerce-5.4.1-6.2.1-6.2.2-Improper-Access-Control.html - Exploit, Third Party Advisory, VDB Entry | 
References | http://seclists.org/fulldisclosure/2020/May/0 - Exploit, Mailing List, Patch, Third Party Advisory | 
First Time | Xt-commerce xt-commerce | 
Information
Published : 2020-04-30 14:15
Updated : 2024-11-21 04:59
NVD link : CVE-2020-12101
Mitre link : CVE-2020-12101
CVE.ORG link : CVE-2020-12101
Products Affected
xt-commerce: xt-commerce
CWE
CWE-276
Incorrect Default Permissions