该漏洞编号已预留给漏洞申报者 CVE-2019-0308

3.5 AV AC AU C I A
发布: 2019-06-12
修订: 2019-06-17

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.

0%
暂无可用Exp或PoC
当前有5条受影响产品信息