PT-2023-22592 · Unknown · Newbee-Mall

Bacmiao

Publicado

2023-05-04

Atualizado

2023-05-11

CVE-2023-30216

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions newbee-mall versions prior to commit 1f2c2dfy

Description The issue is related to insecure permissions in the updateUserInfo function, which allows attackers to obtain user account information.

Recommendations For versions prior to commit 1f2c2dfy, update to a version that includes commit 1f2c2dfy or later to resolve the issue. As a temporary workaround, consider restricting access to the updateUserInfo function until a patch is available.

Exploit

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2023-30216

Produtos afetados

Newbee-Mall

PT-2023-22592 · Unknown · Newbee-Mall

CVE-2023-30216

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4