PT-2022-19735 · Unknown · Online Market Place Site

N1_X

Published

2022-05-27

Updated

2022-06-12

CVE-2022-29627

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Online Market Place Site version 1.0

Description The issue is related to an insecure direct object reference (IDOR) that allows attackers to modify products owned by other sellers.

Recommendations For Online Market Place Site version 1.0, consider restricting access to product modification functionality to prevent unauthorized changes. As a temporary workaround, restrict the ability to modify products to only the product owners until a proper fix is implemented.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2022-29627

Affected Products

Online Market Place Site

PT-2022-19735 · Unknown · Online Market Place Site

CVE-2022-29627

Weakness Enumeration

Related Identifiers

Affected Products

References · 4