PT-2017-13614 · Aspcms · Aspcms
Published
2017-09-22
·
Updated
2017-10-05
·
CVE-2017-14653
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AspCMS version 2.7.2
Description
The issue allows remote authenticated users to read arbitrary order information. This is achieved by modifying the OrderNo parameter in the 'member/Orderinfo.asp' page.
Recommendations
For AspCMS version 2.7.2, avoid using the OrderNo parameter in the 'member/Orderinfo.asp' page until the issue is resolved. As a temporary workaround, consider restricting access to the 'member/Orderinfo.asp' page to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Aspcms