6 matches found

Veracode
added 2022/10/24 2:11 a.m. | 20 views

Authorization Bypass

NopCommerce.Core is vulnerable to authorization bypass. The vulnerability is due to the AddressEdit function in CustomerController.cs not properly removing redundant address endpoint parameters, allowing a malicious user to modify the addresses of other users on the site...

CVSS 7.5 | AI score 7.2 | EPSS 0.00201
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2022/10/19 2:15 a.m. | 6 views

CVE-2022-33077

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

CVSS 7.5 | EPSS 0.00201
Exploits: 0 | References: 2

Prion
added 2022/10/19 2:15 a.m. | 13 views

Design/Logic Flaw

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

CVSS 5 | AI score 7.5 | EPSS 0.00201
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/10/19 12:0 a.m. | 10 views

CVE-2022-33077

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

AI score 7.7 | EPSS 0.00201
Exploits: 0 | References: 2

CNNVD
added 2022/10/19 12:0 a.m. | 1 views

nopCommerce Security Vulnerability

nopCommerce is an open-source, general-purpose e-commerce platform. An access control error vulnerability exists in nopCommerce 4.50.2 and prior versions. The vulnerability stems from improper access control in the application and can be exploited by an attacker to arbitrarily modify...

CVSS 7.5 | AI score 6.8 | EPSS 0.00201
Exploits: 0 | References: 3

CVE
added 2022/10/19 12:0 a.m. | 56 views

CVE-2022-33077

nopCommerce v4.50.2 contains an access control flaw in the addressedit endpoint that allows attackers to arbitrarily modify any customer’s address. Root cause identified as an access control issue. The documents do not specify a fixed version or patch details; no exploitation status is provided.

CVSS 7.5 | AI score 7.4 | EPSS 0.00201
Exploits: 0 | References: 2 | Affected Software: 1