CVE-2020-9009
- Reference to the description:
- Description:
- The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.
- Last updated date:
- 04/21/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 04/21/2023
- Reference url to background