PT-2017-13614 · Aspcms · Aspcms
Published: 2017-09-22 · Updated: 2017-10-05
CVE-2017-14653
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AspCMS version 2.7.2
Description
The issue allows remote authenticated users to read arbitrary order information. This is achieved by modifying the OrderNo parameter in the 'member/Orderinfo.asp' page.
Recommendations
For AspCMS version 2.7.2, avoid using the OrderNo parameter in the 'member/Orderinfo.asp' page until the issue is resolved. As a temporary workaround, consider restricting access to the 'member/Orderinfo.asp' page to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Affected Products
Aspcms