The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xt-commerce xt-commerce |