← Volver a CVEs
CVE-2024-6506
HIGH8.2
Descripcion
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels.
Detalles CVE
Puntuacion CVSS v3.18.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/4/2024
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-200
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/information-exposure-vulnerability-mrw-plug(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso/information-exposure-vulnerability-mrw-plug(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.