In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mend
Published: 2022-05-01T12:40:12.050961Z
Updated: 2024-09-17T02:05:46.247Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-23061
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-01T13:15:07.757
Modified: 2024-11-21T06:47:54.587
Link: CVE-2022-23061
Redhat
No data.