An authenticated attacker in SAP ... CVE-2019-0308

3.5 AV AC AU C I A
发布: 2019-06-12
修订: 2019-08-22

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.

0%
暂无可用Exp或PoC
当前有5条受影响产品信息