Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
xt:Commerce 多个跨站请求伪造漏洞
Vulnerability Description
xt:Commerce是基于电子商务引擎的网络购物系统。 xt:Commerce 3.0.4 SP2.1以及可能的早期版本中存在多个跨站请求伪造漏洞。远程攻击者可 (1)借助admin/customers.php中的作用于statusconfirm的cID参数设置新的用户以及(2)借助admin/accounting.php中作用于save的cID参数授予用户权限,劫持Amins认证请求。
CVSS Information
N/A
Vulnerability Type
N/A