Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shuup - Formula Injection in Checkout Addresses
Vulnerability Description
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
Shuup 注入漏洞
Vulnerability Description
Shuup是美国Shuup公司的一个基于 Django 和 Python 的开源电子商务平台。 Shuup 存在注入漏洞,该漏洞源于0.4.2 版本至 2.10.8 版本中的 Shuup 应用受公式注入漏洞影响。 客户可以在购买产品时在帐单地址的名称输入字段中注入有效负载。 当商店管理员访问报告页面以将数据导出为 Excel 文件并打开它时,将执行有效负载。
CVSS Information
N/A
Vulnerability Type
N/A