Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID
Vulnerability Description
OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
OroPlatform 安全漏洞
Vulnerability Description
OroPlatform是一个 PHP 业务应用程序平台 (BAP),旨在使自定义业务应用程序的开发更容易、更快。 OroPlatform存在安全漏洞,该漏洞源于如果Storefront用户的ID与后台用户的ID相同,则导航历史记录、查看次数最多和收藏的导航项将在JSON导航响应中返回给Storefront用户。受影响的产品和版本:OroPlatform 4.1.0至4.1.13版本,4.2.0至4.2.10版本,5.0.0至5.0.11版本,5.1.0至5.1.3版本。
CVSS Information
N/A
Vulnerability Type
N/A