CVE-2020-9009

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

PT-2023-11949 · Shipstation.Com · Shipstation.Com Plugin

Name of the Vulnerable Software and Affected Versions: ShipStation.com plugin version 1.0 for CS-Cart Description: The issue allows remote attackers to obtain sensitive information due to a typo that results in a successful comparison of a blank password and NULL. This can be achieved via the...