Vulnerability Details CVE-2022-33077
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 7.5
References
- http://nopcommerce.com
- https://medium.com/%40rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6
- http://nopcommerce.com
- https://medium.com/%40rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6
- https://medium.com/%40rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6
Products affected by CVE-2022-33077
-
cpe:2.3:a:nopcommerce:nopcommerce:1.70
-
cpe:2.3:a:nopcommerce:nopcommerce:1.80
-
cpe:2.3:a:nopcommerce:nopcommerce:1.90
-
cpe:2.3:a:nopcommerce:nopcommerce:2.00
-
cpe:2.3:a:nopcommerce:nopcommerce:2.10
-
cpe:2.3:a:nopcommerce:nopcommerce:2.20
-
cpe:2.3:a:nopcommerce:nopcommerce:2.30
-
cpe:2.3:a:nopcommerce:nopcommerce:2.40
-
cpe:2.3:a:nopcommerce:nopcommerce:2.50
-
cpe:2.3:a:nopcommerce:nopcommerce:2.60
-
cpe:2.3:a:nopcommerce:nopcommerce:2.65
-
cpe:2.3:a:nopcommerce:nopcommerce:2.70
-
cpe:2.3:a:nopcommerce:nopcommerce:2.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.00
-
cpe:2.3:a:nopcommerce:nopcommerce:3.10
-
cpe:2.3:a:nopcommerce:nopcommerce:3.20
-
cpe:2.3:a:nopcommerce:nopcommerce:3.30
-
cpe:2.3:a:nopcommerce:nopcommerce:3.40
-
cpe:2.3:a:nopcommerce:nopcommerce:3.50
-
cpe:2.3:a:nopcommerce:nopcommerce:3.60
-
cpe:2.3:a:nopcommerce:nopcommerce:3.70
-
cpe:2.3:a:nopcommerce:nopcommerce:3.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.90
-
cpe:2.3:a:nopcommerce:nopcommerce:4.00
-
cpe:2.3:a:nopcommerce:nopcommerce:4.10
-
cpe:2.3:a:nopcommerce:nopcommerce:4.20
-
cpe:2.3:a:nopcommerce:nopcommerce:4.30
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.1
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.2
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.3
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.4
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.0
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.1
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.2