CVE-2017-14653

MEDIUM

ASP4CMS AspCMS 2.7.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.

References (1)

Core 1
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
http://asdedc.bid/aspcms.html

Scores

CVSS v3 6.5
EPSS 0.0105
EPSS Percentile 60.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
asp4cms/aspcms 2.7.2
Published Sep 22, 2017
Tracked Since Feb 18, 2026