CVE-2019-16403

Опубликовано: 18 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

Ссылки

https://github.com/bagisto/bagisto/issues/749
Exploit
Third Party Advisory
https://github.com/bagisto/bagisto/issues/749
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webkul:bagisto:*:*:*:*:*:*:*:*

Версия до 0.1.5 (исключая)

EPSS

Процентиль: 51%

0.00284

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-pwrf-q7h8-jjr7