CVE-2022-23061

Опубликовано: 01 мая 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 5.5

EPSS Низкий

Описание

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.

Ссылки

https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23061
Exploit
Third Party Advisory
https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23061
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopizer:shopizer:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 2.17.0 (включая)

EPSS

Процентиль: 50%

0.00271

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-wf9v-5m62-rw7r