An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
References
Configurations
History
20 Oct 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-639 | |
CPE | cpe:2.3:a:nopcommerce:nopcommerce:*:*:*:*:*:*:*:* | |
References | (MISC) http://nopcommerce.com - Vendor Advisory | |
References | (MISC) https://medium.com/@rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6 - Exploit, Third Party Advisory |
19 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-19 02:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-33077
Mitre link : CVE-2022-33077
CVE.ORG link : CVE-2022-33077
JSON object : View
Products Affected
nopcommerce
- nopcommerce
CWE
CWE-639
Authorization Bypass Through User-Controlled Key