2 matches found
Improper Authorization
Shopper is vulnerable to Improper Authorization. The vulnerability is due to missing and improperly enforced authorization checks in the team settings, which allows an authenticated attacker to create roles, modify permissions, escalate privileges to administrator, and remove legitimate...
shopper 授权问题漏洞
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...