Mend Vulnerability Database
Date: May 1, 2022
Overview
In Shopizer versions 2.0 through 2.17.0, a regular admin can permanently delete a superadmin (an action the documentation states is not possible) by exploiting an Insecure Direct Object Reference (IDOR) vulnerability.

Details
According to the documentation, Shopizer does not allow a regular admin to delete a superadmin. This restriction can be bypassed through the IDOR vulnerability in user deletion.

PoC Details
Browse the application and log in with regular administrator credentials (a regular admin can only manage users in its own store) via the "/admin/login.html" endpoint. Navigate to the "admin/users/list.html" endpoint. Intercept the traffic with Burp before deleting a user and replace the userId parameter with the superadmin's id (the superadmin created for the PoC). The superadmin is permanently deleted, and logging in as the superadmin is no longer possible.

Affected Environments
2.0 through 2.17.0

Prevention
Upgrade to version 3.0.0 or higher.
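The root cause described above is an authorization check made only on the actor's role, not on the object named by the client-supplied userId. The following is an added example, not Shopizer's own code, that models the store/admin/superadmin relationship from the advisory and shows the IDOR-prone delete beside a hardened version that resolves the target server-side, refuses deletion of a superadmin or of a user from another store, and records denied attempts for detection. All names (Role, User, UserRepository, delete_user_vulnerable, delete_user_hardened) and the sample users are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Role(Enum):
    ADMIN = "admin"            # store-scoped administrator
    SUPERADMIN = "superadmin"  # global administrator


@dataclass
class User:
    user_id: int
    name: str
    role: Role
    store: str


class AuthorizationError(Exception):
    """Raised when the actor is not allowed to act on the target object."""


@dataclass
class UserRepository:
    users: Dict[int, User] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)  # denied attempts, for detection

    def add(self, user: User) -> None:
        self.users[user.user_id] = user

    def get(self, user_id: int) -> Optional[User]:
        return self.users.get(user_id)


def delete_user_vulnerable(repo: UserRepository, actor: User, target_id: int) -> bool:
    """IDOR-prone: checks only that the actor holds an admin role, then trusts the
    client-supplied userId. A store admin can therefore delete any user at all."""
    if actor.role not in (Role.ADMIN, Role.SUPERADMIN):
        raise AuthorizationError("actor is not an administrator")
    return repo.users.pop(target_id, None) is not None


def delete_user_hardened(repo: UserRepository, actor: User, target_id: int) -> bool:
    """Object-level check: resolve the target server-side and compare it with the
    actor's scope before deleting. A store admin may only delete non-superadmin
    users of its own store; denied attempts are written to the audit list."""
    if actor.role not in (Role.ADMIN, Role.SUPERADMIN):
        raise AuthorizationError("actor is not an administrator")
    target = repo.get(target_id)
    if target is None:
        return False
    if actor.role is Role.ADMIN:
        if target.role is Role.SUPERADMIN:
            repo.audit.append(f"DENY admin={actor.user_id} tried to delete superadmin={target_id}")
            raise AuthorizationError("a store admin cannot delete a superadmin")
        if target.store != actor.store:
            repo.audit.append(f"DENY admin={actor.user_id} tried to delete user={target_id} of store {target.store}")
            raise AuthorizationError("target user belongs to another store")
    del repo.users[target_id]
    return True


def build_sample_repo() -> UserRepository:
    """Constructed sample data (not taken from the advisory)."""
    repo = UserRepository()
    repo.add(User(1, "root", Role.SUPERADMIN, store="DEFAULT"))
    repo.add(User(2, "alice", Role.ADMIN, store="shop-a"))
    repo.add(User(3, "bob", Role.ADMIN, store="shop-b"))
    repo.add(User(4, "carol", Role.ADMIN, store="shop-a"))
    return repo


def run_scenarios() -> dict:
    """Runs the advisory's scenario (a store admin submits the superadmin's id)
    against both versions, plus a cross-store and an own-store deletion."""
    results = {}

    repo = build_sample_repo()
    alice = repo.get(2)
    results["vulnerable_deletes_superadmin"] = delete_user_vulnerable(repo, alice, 1)
    results["superadmin_gone"] = repo.get(1) is None

    repo = build_sample_repo()
    alice = repo.get(2)
    try:
        delete_user_hardened(repo, alice, 1)
        results["hardened_denied_superadmin"] = False
    except AuthorizationError:
        results["hardened_denied_superadmin"] = True
    results["superadmin_survives"] = repo.get(1) is not None

    try:
        delete_user_hardened(repo, alice, 3)  # bob belongs to another store
        results["hardened_denied_cross_store"] = False
    except AuthorizationError:
        results["hardened_denied_cross_store"] = True

    results["hardened_allows_own_store"] = delete_user_hardened(repo, alice, 4)
    results["audit_entries"] = len(repo.audit)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The design point is that the check must be made against the target record loaded from the server's own store, never against the identifier the client sent; the audit entries give defenders a signal (an admin repeatedly targeting ids outside its store) that the vulnerable version never produces.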
Good to know:

| Metric | Value |
|---|---|
| Attack Vector (AV), CVSS v3 | Network |
| Attack Complexity (AC), CVSS v3 | Low |
| Privileges Required (PR), CVSS v3 | High |
| User Interaction (UI), CVSS v3 | None |
| Access Vector (AV), CVSS v2 | Network |
| Access Complexity (AC), CVSS v2 | Low |