廣田一貴

**Name of the Vulnerable Software and Affected Versions** CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3) CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3) **Description** The issue allows remote attackers to bypass access restrictions and obtain customer information. This is achieved via the orders.pre.php file. **Recommendations** For CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), restrict access to the orders.pre.php file until a fix is available. For CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), restrict access to the orders.pre.php file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** CS-Cart Japanese Edition versions 4.3.10-jp-1 and earlier CS-Cart Multivendor Japanese Edition versions 4.3.10-jp-1 and earlier **Description** The issue allows remote attackers to bypass access restrictions and create a request to return a customer-purchased item. This is achieved via the "rma.post.php" endpoint. **Recommendations** For CS-Cart Japanese Edition versions 4.3.10-jp-1 and earlier, consider restricting access to the "rma.post.php" endpoint until a fix is available. For CS-Cart Multivendor Japanese Edition versions 4.3.10-jp-1 and earlier, consider restricting access to the "rma.post.php" endpoint until a fix is available.