What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
Explanation of Vulnerability in Simple Terms
02Summary
Smart Online Order for Clover versions up to 1.6.0 contain a vulnerability that allows unauthenticated attackers to read sensitive data, modify information, or disrupt service availability over the network. No special conditions or user interaction are required to exploit this issue. Organizations using affected versions should update immediately.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify information, or disrupt service availability without authentication.
Potential impact on your site
04Site Impact
Attackers can access customer data, modify orders, or cause service outages without logging in.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 27, 2026
CVE published
May 27, 2026
Record updated