Описание
Authorization Bypass Through User-Controlled Key in Bagisto
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
Пакеты
Наименование
bagisto/bagisto
composer
Затронутые версииВерсия исправления
< 0.1.5
0.1.5
Связанные уязвимости
CVSS3: 8.8
nvd
больше 6 лет назад
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.