PT-2024-12574 · Itb Gmbh · Itb-Gmbh Tradepro

Published 2024-04-02 · Updated 2025-04-24 · CVE-2023-36645

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ITB-GmbH TradePro version 9.5

Description

The issue allows remote attackers to run SQL queries via the oordershow component in the customer function. This is a result of incorrect access control, enabling remote access.

Recommendations

For ITB-GmbH TradePro version 9.5, consider disabling the oordershow component in the customer function until a patch is available. Restrict access to the Printmail Plugin to minimize the risk of exploitation. Avoid using the oordershow component in the customer function until the issue is resolved.

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2023-36645

Affected Products

Itb-Gmbh Tradepro