CVE-2022-23061
maven/com.shopizer/shopizer
Authorization Bypass Through User-Controlled Key
In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin (although, according to the documentation, this cannot happen) via an Insecure Direct Object Reference (IDOR) vulnerability.
All versions starting from 2.0 up to 2.17.0
Unfortunately, there is no solution available yet.
2022-05-09