Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Smartstore SmartStoreNET 跨站请求伪造漏洞
Vulnerability Description
Smartstore SmartStoreNET是德国Smartstore公司的一个开源的电子商务Web平台。该平台包含了CRM、CMS、销售、营销、支付、订单处理等等功能。 Smartstore SmartStoreNET 中存在跨站请求伪造漏洞。该漏洞源于WEB应用通过/admin/customer/create创建账号时未充分验证请求是否来自可信用户。以下产品及版本受到影响:Smartstore SmartStoreNET 4.1.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A