exploitDog

CVE-2023-27919

Опубликовано: 10 мая 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system.

Ссылки

https://jvn.jp/en/jp/JVN50862842/
Third Party Advisory
https://main.next-engine.com/Usernotice/detail?id=1054
Permissions Required
https://jvn.jp/en/jp/JVN50862842/
Third Party Advisory
https://main.next-engine.com/Usernotice/detail?id=1054
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:next-engine:next_engine_integration:*:*:*:*:*:ec-cube:*:*

EPSS

Процентиль: 29%

0.00105

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-v4hm-xqrg-4qfp

CVSS3: 5.3

github

больше 2 лет назад

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system.

EPSS

Процентиль: 29%

0.00105

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-287