Vulnerabilities > CVE-2020-9009 - Missing Authorization vulnerability in Shipstation 1.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |