Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PhoenixCart Vulnerable to Account Deletion Without Password Confirmation
Vulnerability Description
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
CE Phoenix Cart 访问控制错误漏洞
Vulnerability Description
CE Phoenix Cart是CE Phoenix Cart开源的一个免费、开源的电子商务购物车软件。 CE Phoenix Cart 1.0.9.7至1.1.0.3之前版本存在访问控制错误漏洞,该漏洞源于删除账户时缺少密码重新验证,可能导致账户接管。
CVSS Information
N/A
Vulnerability Type
N/A