CVE-2022-23061

Published May 1st, 2022

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

5.5

MEDIUM

Affected

PROJECT

Description

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.

shopizer-ecommerce/shopizer

Shopizer java e-commerce software

GitHub

3.91K