Vulnerability Description
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Online Store System Project | Online Store System | 1.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/10/02/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2019/12/23/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2019/12/23/2ExploitMailing ListThird Party Advisory
- http://www.vapidlabs.com/advisory.php?v=210ExploitThird Party Advisory
- https://www.abcprintf.com/view_download.php?id=17Product
- http://www.openwall.com/lists/oss-security/2019/10/02/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2019/12/23/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2019/12/23/2ExploitMailing ListThird Party Advisory
- http://www.vapidlabs.com/advisory.php?v=210ExploitThird Party Advisory
- https://www.abcprintf.com/view_download.php?id=17Product
FAQ
What is CVE-2019-8292?
CVE-2019-8292 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
How severe is CVE-2019-8292?
CVE-2019-8292 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-8292?
Check the references section above for vendor advisories and patch information. Affected products include: Online Store System Project Online Store System.