PT-2022-15822 · Shopizer · Shopizer

Published: 2022-05-01 · Updated: 2022-05-09 · CVE-2022-23061

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Shopizer versions 2.0 through 2.17.0

Description

The issue allows a regular admin to permanently delete a superadmin via an Insecure Direct Object Reference (IDOR) vulnerability, contrary to the documentation.

Recommendations

For versions 2.0 through 2.17.0, as a temporary workaround, consider restricting access to admin functionalities that could lead to the deletion of superadmin accounts until a patch is available.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2022-23061

Affected Products

Shopizer