CVE-2019-16403 — Authorization Bypass Through User-Controlled Key in Bagisto

CWE-639 — Authorization Bypass Through User-Controlled Key6 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 48.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elfutils Project Elfutils Webkul Bagisto Bagisto

Timeline

PublishedSep 18

Latest updateAug 30

Description

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDwebkul/bagisto< 0.1.5

▶Packagistbagisto/bagisto< 0.1.5

▶Alpineelfutils_project/elfutils< 0.174-r0

🔴Vulnerability Details

OSV

elfutils vulnerabilities↗2023-08-30

▶

OSV

Authorization Bypass Through User-Controlled Key in Bagisto↗2019-11-08

▶

GHSA

Authorization Bypass Through User-Controlled Key in Bagisto↗2019-11-08

▶

CVEList

CVE-2019-16403: In Webkul Bagisto before 0↗2019-09-18

▶

OSV

CVE-2019-16403: In Webkul Bagisto before 0↗2019-09-18

▶