In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mend

Published: 2022-05-01T12:40:12.050961Z

Updated: 2024-09-17T02:05:46.247Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-23061

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-01T13:15:07.757

Modified: 2024-11-21T06:47:54.587

Link: CVE-2022-23061

cve-icon Redhat

No data.