CVE-2022-23061 MEDIUM

CVE-2022-23061: Shopizer - IDOR delete superadmin

Vendor Shopizer-Ecommerce
Product Shopizer
Weakness CWE-639 · IDOR
Published May 1, 2022
Last update September 17, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin via an Insecure Direct Object Reference (IDOR) vulnerability, although according to the documentation this cannot happen.

Key dates

02 Disclosure timeline

May 1, 2022 CVE published
September 17, 2024 Record updated