CVE-2020-8889

Name of the Vulnerable Software and Affected Versions ShipStation.com plugin version 1.0 for CS-Cart

Description The issue allows remote attackers to obtain sensitive information due to a typo that results in a successful comparison of a blank password and NULL. This can be achieved via the action=export endpoint.

Recommendations For ShipStation.com plugin version 1.0, consider restricting access to the action=export endpoint until a fix is available. Additionally, review password comparison logic to prevent similar issues in the future. At the moment, there is no information about a newer version that contains a fix for this vulnerability.