exploitDog

CVE-2020-9009

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 3.7

EPSS Низкий

Описание

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.

Ссылки

https://help.shipstation.com/hc/en-us/articles/360025855352-CS-Cart
Not Applicable
https://www.jerdiggity.com/node/870
Exploit
Patch
Third Party Advisory
https://help.shipstation.com/hc/en-us/articles/360025855352-CS-Cart
Not Applicable
https://www.jerdiggity.com/node/870
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shipstation:shipstation:*:*:*:*:*:cs-cart:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 42%

0.00199

Низкий

3.7 Low

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-rgw9-2qv4-ghxq

github

почти 3 года назад

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.

EPSS

Процентиль: 42%

0.00199

Низкий

3.7 Low

CVSS3

Дефекты

CWE-862

CWE-862