CVE-2019-16403

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
References
Link Resource
https://github.com/bagisto/bagisto/issues/749 Exploit Third Party Advisory
https://github.com/bagisto/bagisto/issues/749 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:webkul:bagisto:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:30

Type Values Removed Values Added
References () https://github.com/bagisto/bagisto/issues/749 - Exploit, Third Party Advisory () https://github.com/bagisto/bagisto/issues/749 - Exploit, Third Party Advisory

Information

Published : 2019-09-18 12:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16403

Mitre link : CVE-2019-16403

CVE.ORG link : CVE-2019-16403


JSON object : View

Products Affected

webkul

  • bagisto
CWE
CWE-639

Authorization Bypass Through User-Controlled Key