Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
incredibleinteractive DragonflyCommerce 多个 数据篡改漏洞
Vulnerability Description
Dragonfly Commerce是一套电子商务网站解决方案。 Dragonfly Commerce存在数据篡改漏洞。 远程攻击者可通过修改dc_Categorieslist.asp、dc_Categoriesview.asp、dc_productslist.asp及dc_productslist_Clearance.asp中的x_DragonflyCartProductPrice隐藏字段来更改产品价格。 注:供应商对此问题有异议。
CVSS Information
N/A
Vulnerability Type
N/A