4 matches found
CVE-2020-36365
Smartstore (aka SmartStoreNET) before 4.1.0 contains an open redirect vulnerability exploitable via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a logged-in user to a malicious site, potentially enabling phishing or...
CVE-2020-27997
CVE-2020-27997 affects SmartStoreNET before 4.1.0. The issue is a CSRF protection gap that may allow elevation of privileges, for example by calling /admin/customer/create to create an admin account. The available documents confirm the vulnerability's existence and context but do not provide conc...
CVE-2020-36364
CVE-2020-36364 affects Smartstore/SmartStoreNET prior to 4.1.0. The issue arises in Administration/Controllers/ImportController.cs (ImportController.Create) where a TempFileName field enables path traversal during copy and delete actions. The publicly documented impact is classic path traversal, ...
CVE-2020-27996
"CVE-2020-27996 affects SmartStoreNET