CVE-2022-23061

Authorization Bypass Through User-Controlled Key in maven/com.shopizer/shopizer

Identifiers

CVE-2022-23061

Package Slug

maven/com.shopizer/shopizer

Vulnerability

Authorization Bypass Through User-Controlled Key

Description

In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin (although, according to the documentation, this cannot happen) via an Insecure Direct Object Reference (IDOR) vulnerability.

Affected Versions

All versions starting from 2.0 up to 2.17.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-05-09
