PT-2023-22592 · Unknown · Newbee-Mall
Bacmiao
·
Published
2023-05-04
·
Updated
2023-05-11
·
CVE-2023-30216
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
newbee-mall versions prior to commit 1f2c2dfy
Description
The issue is related to insecure permissions in the
updateUserInfo function, which allows attackers to obtain user account information.Recommendations
For versions prior to commit 1f2c2dfy, update to a version that includes commit 1f2c2dfy or later to resolve the issue. As a temporary workaround, consider restricting access to the
updateUserInfo function until a patch is available.Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newbee-Mall