An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
References
Configurations
History
07 Nov 2023, 03:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Oct 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Nopcommerce
Nopcommerce nopcommerce |
|
CWE | CWE-639 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) http://nopcommerce.com - Vendor Advisory | |
References | (MISC) https://medium.com/@rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:nopcommerce:nopcommerce:*:*:*:*:*:*:*:* |
19 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-19 02:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-33077
Mitre link : CVE-2022-33077
CVE.ORG link : CVE-2022-33077
JSON object : View
Products Affected
nopcommerce
- nopcommerce
CWE
CWE-639
Authorization Bypass Through User-Controlled Key