PT-2019-9307 · Node.Js · Express-Cart

Patrickrbc

Publicado

2019-02-01

Atualizado

2020-08-24

CVE-2018-16483

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions express-cart versions 1.1.5 and earlier

Description A deficiency in the access control in the express-cart module allows unprivileged users to add new users to the application as administrators.

Recommendations For express-cart versions 1.1.5 and earlier, update to a version later than 1.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the user management functionality to prevent unprivileged users from adding new administrators.

Exploit

Correção

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-290

Identificadores relacionados

CVE-2018-16483

GHSA-WJ36-V8J4-PC7C

Produtos afetados

Express-Cart

PT-2019-9307 · Node.Js · Express-Cart

CVE-2018-16483

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5