Vulnerabilities > CVE-2020-9009 - Missing Authorization vulnerability in Shipstation 1.0

047910
CVSS 3.7 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
high complexity
shipstation
CWE-862

Summary

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.

Vulnerable Configurations

Part Description Count
Application
Shipstation
1

Common Weakness Enumeration (CWE)