CVE-2017-2143 Information

Feb 14, 2021 cve

Description

CS-Cart Japanese Edition v4.3.10-jp-1 and earlier CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

http://jvn.jp/en/jp/JVN25598952/index.html http://tips.cs-cart.jp/fix-jvn-25598952.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3

Share on: