CVE-2015-0951 - OpenCVE

X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qualiteam	X-cart

Configuration 1 [-]

cpe:2.3:a:qualiteam:x-cart:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.kb.cert.org/vuls/id/924124	Third Party Advisory US Government Resource
https://blog.x-cart.com/5-1-11-released.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2015-04-05T01:00:00

Updated: 2015-04-05T01:57:01

Reserved: 2015-01-10T00:00:00

Link: CVE-2015-0951

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-04-05T01:59:05.100

Modified: 2015-04-06T17:07:21.830

Link: CVE-2015-0951

JSON object: View

Redhat Information

No data.

CWE

CWE-264