CVE-2017-2139

EUVD-2017-11322
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
frogman_office_inccs-cart
𝑥
≤ 4.3.10
frogman_office_inccs-cart
𝑥
≤ 4.3.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN14396697/index.html
http://tips.cs-cart.jp/fix-jvn-14396697.html
http://jvn.jp/en/jp/JVN14396697/index.html
http://tips.cs-cart.jp/fix-jvn-14396697.html