CVE-2015-0951 : X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modifi

X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.

Published 2015-04-05 01:59:05

Updated 2015-04-06 17:07:22

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-0951

Probability of exploitation activity in the next 30 days: 0.23%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-0951

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-0951

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0951

http://www.kb.cert.org/vuls/id/924124

VU#924124 - X-Cart contains multiple vulnerabilities
Third Party Advisory;US Government Resource

CVEs referencing this url
https://blog.x-cart.com/5-1-11-released.html

X-Cart 5.1.11: major security update, upgrade your stores ASAP | Blog
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-0951

Qualiteam » X-cart
Versions up to, including, (<=) 5.1.10
cpe:2.3:a:qualiteam:x-cart:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-0951

Exploit prediction scoring system (EPSS) score for CVE-2015-0951

CVSS scores for CVE-2015-0951

CWE ids for CVE-2015-0951

References for CVE-2015-0951

Products affected by CVE-2015-0951