CNNVD-202601-075 Information
CNNVD ID
CNNVD-202601-075
Related CVE
- CNNVD Published: 2026-01-02
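Description (translated from Chinese)
Webkul Software Bagisto is an open-source e-commerce framework from the Indian company Webkul Software. Versions of Webkul Software Bagisto before 2.3.10 contain an access control error vulnerability. It arises because the API routes remain active after installation is complete and require no authentication, which may allow unauthenticated attackers to create administrator accounts and modify the configuration.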
Description (English)
Webkul Software Bagisto is an open-source e-commerce framework developed by Webkul Software, a company based in India. Versions of Webkul Software Bagisto prior to 2.3.10 have an access control flaw: the API routes remain active after installation and do not require authentication, which could allow unauthenticated attackers to create administrator accounts and modify configurations.
Hazard Level
Low
Vulnerability Type
Access control error
Affected Vendor
Webkul Software
Published
2026-01-02
Last Modified
2026-02-24
References
https://github.com/bagisto/bagisto/commit/380c045e48490da740cd505fb192cc45e1809bed
https://github.com/bagisto/bagisto/security/advisories/GHSA-6h7w-v2xr-mqvw
https://access.redhat.com/security/cve/cve-2026-21446
Patch
https://github.com/bagisto/bagisto/releases