CVE-2017-2139

CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
frogman_office_inccs-cart
𝑥
≤ 4.3.10
frogman_office_inccs-cart
𝑥
≤ 4.3.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN14396697/index.html
http://tips.cs-cart.jp/fix-jvn-14396697.html
http://jvn.jp/en/jp/JVN14396697/index.html
http://tips.cs-cart.jp/fix-jvn-14396697.html