Vulnerability Information
Vulnerability Title
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Vulnerability Description
The OroCommerce package provides the customer portal and the base website features for non-authenticated visitors. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.11 and 5.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
Improper Access Control
Vulnerability Title
OroCommerce Access Control Error Vulnerability
Vulnerability Description
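OroCommerce is an open-source business-to-business commerce application from Oro. OroCommerce contains an access control error vulnerability that stems from insufficient security checks, allowing an attacker to bypass the access control list (ACL). Affected products and versions: OroCommerce 4.2.0 up to but not including 4.2.8, 5.0.0 through 5.0.10, and 5.1.0 up to but not including 5.1.1.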
CVSS Information
N/A
Vulnerability Type
N/A