VYPR

ShipStation.com plugin

by ShipStation.com

CVEs (1)

  • CVE-2020-9009LowApr 11, 2023
    risk 0.24cvss 3.7epss 0.01

    The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.