EUVD-2020-29730

Malware in sbrugna...

CVE-2020-9009

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

CVE-2020-9009

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

Information disclosure

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

CVE-2020-9009

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

CVE-2020-9009

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database via action=shipnotify because access to this endpoint is completely unchecked. The attacker must guess an order number...

ShipStation 安全漏洞

ShipStation is an e-commerce retail order carrier processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.1 and prior versions that stems from unchecked access to an endpoint, allowing a remote attacker to insert arbitrary information into the...

PT-2023-11951 · Shipstation.Com · Shipstation.Com Plugin

Name of the Vulnerable Software and Affected Versions: ShipStation.com plugin versions 1.1 and earlier for CS-Cart Description: The issue allows remote attackers to insert arbitrary information into the database via the "action=shipnotify" endpoint because access to this endpoint is completely...

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

ShipStation 安全漏洞

ShipStation is an e-commerce retail order carrier processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.0, which stems from a spelling error that can lead to a blank password and a successful NULL comparison, which can be exploited by an...

shipstation.com XSS vulnerability

On the 21.06.2017 security researcher reported a XSS vulnerability affecting the shipstation.com website via the Open Bug Bounty coordinated vulnerability disclosure program. Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 21 June, 2017 06:...