Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Vulnerability Description
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
OroCommerce 访问控制错误漏洞
Vulnerability Description
OroCommerce是Oro公司的一个开源的企业对企业商务应用程序。 OroCommerce存在访问控制错误漏洞,该漏洞源于允许Order ID接收详细的订单总数信息。受影响的产品版本:OroCommerce 4.2.0至4.2.10版本,5.0.0至5.0.10版本,5.1.0至5.1.1之前版本。
CVSS Information
N/A
Vulnerability Type
N/A