PT-2024-12573 · Itb Gmbh · Itb-Gmbh Tradepro
Published 2024-04-04 · Updated 2025-04-24 · CVE-2023-36644
CVSS v3.1: 7.5 (High)
Vector: AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N
Name of the Vulnerable Software and Affected Versions
ITB-GmbH TradePro version 9.5
Description
The issue allows remote attackers to bypass access controls and receive all order confirmations from the online shop via the printmail plugin.
Recommendations
For ITB-GmbH TradePro version 9.5, consider disabling the printmail plugin until a patch is available to prevent unauthorized access to order confirmations.
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Itb-Gmbh Tradepro