The ShipStation.com plugin 1.1 and earli... CVE-2020-9009

- AV AC AU C I A
发布: 2023-04-11
修订: 2024-11-21

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.

0%
暂无可用Exp或PoC
当前有1条受影响产品信息