CVE-2017-14653

ASP4CMS AspCMS 2.7.2 contains an information-disclosure flaw in member/Orderinfo.asp. A modified OrderNo parameter allows remote authenticated users to read arbitrary order information, exposing partial confidentiality. The CVE entry documents this as a read-access vulnerability with MEDIUM impac...