What the vulnerability does
01Description
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
Explanation of Vulnerability in Simple Terms
Welcart e-Commerce versions up to 2.11.28 lack proper authorization checks, allowing unauthenticated attackers to modify data and disrupt service. An attacker can send network requests without credentials to trigger unauthorized changes. No user interaction is required. Site administrators should update to a version newer than 2.11.28 immediately.
What an attacker can do
Modify site data and cause service disruption without logging in.
Potential impact on your site
Unauthorized changes to store data and potential service downtime affecting customers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities