Description
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN14396697/index.html
Vendor Advisory x_refsource_misc
http://tips.cs-cart.jp/fix-jvn-14396697.html
Scores
CVSS v3
5.3
EPSS
0.0122
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-425
Status
published
Products (3)
Frogman Office Inc./CS-Cart Japanese Edition
v4.3.10 and earlier (excluding v2 and v3)
Frogman Office Inc./CS-Cart Multivendor Japanese Edition
v4.3.10 and earlier (excluding v2 and v3)
frogman_office_inc/cs-cart
< 4.3.10 (2 CPE variants)
Published
Apr 28, 2017
Tracked Since
Feb 18, 2026