Vulners
Lucene search
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control Vulnerability
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | CVE-2020-12101 | 30 Apr 202013:40 | – | cve |
 | CVE-2020-12101 | 30 Apr 202013:40 | – | cvelist |
 | CVE-2020-12101 | 30 Apr 202014:15 | – | nvd |
 | CVE-2020-12101 | 30 Apr 202014:15 | – | osv |
 | xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control | 1 May 202000:00 | – | packetstorm |
 | Information disclosure | 30 Apr 202014:15 | – | prion |
 | PT-2020-13033 · Xt · Xt:Commerce | 30 Apr 202000:00 | – | ptsecurity |
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control Vulnerability
Overview:
xt:Commerce is an online shop software.
The product can be described as an online shop software which is mostly
used in German speaking regions. It is written in PHP and is available
as both a free and paid version. xt:Commerce can also be extended via
plug-ins.
Due to improper access control, a logged-in user can clear other user
addresses.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability Details:
A logged-in customer can create and alter addresses. These addresses are
referenced by incrementing IDs. On saving an address, an attacker could
change the ID of the address to write the data to. If the ID belongs to
an address which does not belong to the current logged-in user, every
field in the address is set to null. An attacker could use this to null
all addresses in a shop.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of Concept (PoC):
Sending the following request with an existing address ID belonging to
another customer nulls the fields for the inserted address ID:
POST /de/customer?page_action=edit_address HTTP/1.1
[...]
action=edit_address&address_book_id=[addressId]&old_address_class=
default&address_class=default&customers_company=&customers_gender=m&
customers_firstname=Pen&customers_lastname=Test&customers_street_address=
Test&customers_postcode=12345&customers_city=Test&customers_country_code=DE&
customers_phone=123456789&customers_fax=&customers_mobile_phone=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:
Apply patch provided by the manufacturer.
More information:
https://helpdesk.xt-commerce.com/index.php?/Knowledgebase/Article/View/1784/294/adressbuch-sicherheitspatch-17042020-fr-xtcommerce-51-bis-622
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclosure Timeline:
2020-01-23: Found security vulnerability during security assessment
2020-02-03: Customer reported found security vulnerability to manufacturer
2020-03-31: Security advisory with further details sent to manufacturer
2020-03-31: Acknowledgement of security advisory by manufacturer
2020-04-17: Patch released by manufacturer
2020-04-30: Public disclosure of vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
[1] Product website for xt:Commerce
https://www.xt-commerce.com/
[2] SySS Security Advisory SYSS-2020-012
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-012.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
# 0day.today [2020-07-19] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 May 2020 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.00345