Vulnerability Details CVE-2019-8292
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2019/10/02/1
- http://www.openwall.com/lists/oss-security/2019/12/23/1
- http://www.openwall.com/lists/oss-security/2019/12/23/2
- http://www.vapidlabs.com/advisory.php?v=210
- https://www.abcprintf.com/view_download.php?id=17
- http://www.openwall.com/lists/oss-security/2019/10/02/1
- http://www.openwall.com/lists/oss-security/2019/12/23/1
- http://www.openwall.com/lists/oss-security/2019/12/23/2
- http://www.vapidlabs.com/advisory.php?v=210
- https://www.abcprintf.com/view_download.php?id=17
Products affected by CVE-2019-8292
-
cpe:2.3:a:online_store_system_project:online_store_system:1.0