Unrated severityNVD Advisory· Published Apr 30, 2020· Updated Aug 4, 2024
CVE-2020-12101
CVE-2020-12101
Description
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- xt:Commerce/xt:Commercedescription
- Range: 5.1 to 6.2.2
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/157534/xt-Commerce-5.4.1-6.2.1-6.2.2-Improper-Access-Control.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2020/May/0mitremailing-listx_refsource_FULLDISC
- helpdesk.xt-commerce.com/index.phpmitrex_refsource_CONFIRM
- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-012.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.