Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Cezerin v0.33.0 allows unauthorized modification of order information because certain internal attributes can be overwritten by a conflicting name when order requests are processed. A malicious customer can therefore manipulate an order (e.g., its payment status or shipping fee) by adding extra attributes to the user input during the PUT /ajax/cart operation for a checkout. The flaw is in getValidDocumentForUpdate in api/server/services/orders/orders.js.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cezerin Input Validation Error Vulnerability
Vulnerability Description
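Cezerin is an open-source e-commerce platform based on React and Node.js. Cezerin v0.33.0 contains a security vulnerability that arises because the program may overwrite internal attributes when processing order requests. An attacker can exploit this vulnerability to modify order information.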
CVSS Information
N/A
Vulnerability Type
N/A