PT-2017-15204 · Cs Cart · Cs-Cart Japanese Edition

廣田一貴 · Published 2017-04-28 · Updated 2019-10-03 · CVE-2017-2139

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3)
CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3)

Description

The issue allows remote attackers to bypass access restrictions and obtain customer information. This is achieved via the orders.pre.php file.

Recommendations

For CS-Cart Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), restrict access to the orders.pre.php file until a fix is available.
For CS-Cart Multivendor Japanese Edition versions 4.3.10 and earlier (excluding v2 and v3), restrict access to the orders.pre.php file until a fix is available.

Fix


Weakness Enumeration

Related Identifiers

CVE-2017-2139

Affected Products

Cs-Cart Japanese Edition
Cs-Cart Multivendor Japanese Edition