CVE-2018-19853

Published: Dec 4, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.

Affected (1)

Products: Hitshop Project: Hitshop

Hitshop Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hitshop Project Hitshop	Up to 2014-07-15

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/liu946/hitshop/issues/1

Source: cve@mitre.org

Third Party Advisory

https://github.com/liu946/hitshop/issues/1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.