PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend
Ssshah2131
·
Published
2024-09-26
·
Updated
2024-09-30
·
CVE-2024-39319
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
aimeos/ai-controller-frontend versions prior to 2024.4.2
aimeos/ai-controller-frontend versions prior to 2023.10.9
aimeos/ai-controller-frontend versions prior to 2022.10.8
aimeos/ai-controller-frontend versions prior to 2021.10.8
aimeos/ai-controller-frontend versions prior to 2020.10.15
Description
The issue is related to an insecure direct object reference, which allows an attacker to disable subscriptions and reviews of another customer.
Recommendations
For versions prior to 2024.4.2, update to version 2024.4.2 or later.
For versions prior to 2023.10.9, update to version 2023.10.9 or later.
For versions prior to 2022.10.8, update to version 2022.10.8 or later.
For versions prior to 2021.10.8, update to version 2021.10.8 or later.
For versions prior to 2020.10.15, update to version 2020.10.15 or later.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aimeos/Ai-Controller-Frontend