Low severity3.7NVD Advisory· Published Apr 11, 2023· Updated Jun 17, 2026
CVE-2020-9009
CVE-2020-9009
Description
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.
Affected products
3- ShipStation.com/ShipStation.com plugindescription
- Range: <=1.1
Patches
Vulnerability mechanics
References
2- www.jerdiggity.com/node/870nvdExploitPatchThird Party Advisory
- help.shipstation.com/hc/en-us/articles/360025855352-CS-CartnvdNot Applicable
News mentions
0No linked articles in our index yet.