CVE-2020-23362
Description
YerShop versions up to 2020 lack access control on the cover_id parameter, enabling a remote attacker to modify other users' data via IDOR.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
All versions of Shop_CMS YerShop contain an insecure permissions vulnerability in the user profile edit functionality. The cover_id parameter in POST requests to /index.php/index/user/edit.html is not validated against the authenticated user's session, allowing an attacker to specify an arbitrary user ID. This is a classic Insecure Direct Object Reference (IDOR) flaw, as described in the reference [1].
Exploitation
An attacker must be a registered user of the YerShop application and have network access to the web interface. The exploitation involves intercepting the HTTP request when saving profile changes—e.g., using a tool like Burp Suite—and modifying the id parameter to match another user's ID. For example, changing id=382 to id=381 and altering the username field allows the attacker to rename that user. The reference [1] provides full step‑by‑step exploit details with packet examples.
Impact
Successful exploitation allows the attacker to arbitrarily change the username and possibly other profile fields of any other user. This can lock the victim out of their account, leading to a denial of service for that user. The attacker does not gain direct code execution or data exfiltration, but the integrity and availability of user accounts are compromised [1].
Mitigation
The official project appears unmaintained; no patched versions have been released. The vendor has not issued a fix, and the repository records show no corrective commits. Workarounds include implementing server‑side authorization checks on the id parameter, ensuring it matches the authenticated user's identity. The CVE does not appear on the CISA KEV list [1].
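The workaround described above, sketched as an added example (this is not YerShop source code): a handler that trusts the client-supplied id beside one that takes the target row from the session. The function names, the `uid` session key and the in-memory user array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not YerShop code. All names here are hypothetical.

// Constructed sample rows standing in for the user table.
$users = [381 => ['username' => 'alice'], 382 => ['username' => 'bob']];

// Vulnerable pattern: the row to update is selected by a request parameter.
function editProfileVulnerable(array &$users, array $session, array $post): bool
{
    $id = (int)($post['id'] ?? 0);
    if (!isset($session['uid']) || !isset($users[$id])) {
        return false; // only checks "logged in" and "row exists"
    }
    $users[$id]['username'] = (string)($post['username'] ?? '');
    return true;
}

// Hardened pattern: the target row comes from the session only. A client id
// that disagrees with the session is rejected and logged for detection.
function editProfileHardened(array &$users, array $session, array $post): bool
{
    $uid = $session['uid'] ?? null;
    if (!is_int($uid) || !isset($users[$uid])) {
        return false; // not authenticated
    }
    if (isset($post['id']) && (int)$post['id'] !== $uid) {
        error_log("profile edit denied: session uid=$uid, requested id=" . (int)$post['id']);
        return false;
    }
    $users[$uid]['username'] = (string)($post['username'] ?? $users[$uid]['username']);
    return true;
}

// Constructed request: the session belongs to user 382, the body names user 381.
$session = ['uid' => 382];
$post = ['id' => '381', 'username' => 'renamed'];

$a = $users;
$okA = editProfileVulnerable($a, $session, $post);
printf("vulnerable: accepted=%s, user 381 is '%s'\n", var_export($okA, true), $a[381]['username']);

$b = $users;
$okB = editProfileHardened($b, $session, $post);
printf("hardened:   accepted=%s, user 381 is '%s'\n", var_export($okB, true), $b[381]['username']);
```

The denial log line gives defenders a signal to alert on: a mismatch between the session identity and the requested id should not occur in normal use of a self-service profile form.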
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Shop_CMS/YerShop
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The application allows modification of user data without proper authorization checks on the `cover_id` parameter."
Attack vector
An attacker can exploit this vulnerability by sending a crafted POST request to the user profile editing endpoint. The request should include a modified `cover_id` parameter, which is used to identify the user whose data is being changed. By changing the `cover_id` to that of another user, the attacker can alter that user's information, such as their username, effectively locking them out of their account [1]. This can be done remotely by intercepting and modifying the HTTP request.
Affected code
The vulnerability is located in the user profile editing functionality, specifically when handling the `cover_id` parameter. The reference write-up indicates that requests to endpoints like `/index/user/edit.html` or `/index/member/edit.html` are affected [1].
What the fix does
The advisory does not provide details on a specific patch or fix. However, it implies that proper authorization checks should be implemented to ensure that a user can only modify their own data. Without a patch, the vulnerability remains unaddressed.
Preconditions
- auth: The attacker must have a valid user account to log in and initiate the request.
- input: The attacker needs to know or be able to discover the `cover_id` of the target user.
Generated on Jun 8, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References