Impact
An attacker is able to list all the orders placed on the website without being logged in, by abusing the function that allows a shopping cart to be recreated from an order already placed.
Patches
The problem is fixed in 1.7.6.9
References
Improper Access Control - Generic (CWE-284)
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
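The access-control gap described under Impact, modeled as an added example that is not PrestaShop's code or its actual patch: a reorder handler that trusts the supplied order id, beside one that requires a logged-in customer who owns the order. The function names, the data layout and the sample orders are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: order id => owning customer id and ordered lines.
function sampleOrders(): array
{
    return [
        101 => ['customer_id' => 7, 'lines' => ['SKU-A' => 2]],
        102 => ['customer_id' => 9, 'lines' => ['SKU-B' => 1, 'SKU-C' => 3]],
    ];
}

// Vulnerable shape (hypothetical): the cart is rebuilt from whatever order id
// the request carries, with no session check and no ownership check.
function reorderVulnerable(int $orderId): ?array
{
    $order = sampleOrders()[$orderId] ?? null;
    return $order === null ? null : $order['lines'];
}

// Hardened shape (hypothetical): the caller must be authenticated and must
// own the order. Missing and foreign orders return the same result, so the
// response does not confirm which order ids exist.
function reorderHardened(?int $sessionCustomerId, int $orderId): ?array
{
    if ($sessionCustomerId === null) {
        return null; // not logged in
    }
    $order = sampleOrders()[$orderId] ?? null;
    if ($order === null || $order['customer_id'] !== $sessionCustomerId) {
        return null; // unknown order, or owned by someone else
    }
    return $order['lines'];
}

// Compare both handlers for an anonymous caller and for customer 7.
foreach ([101, 102, 103] as $orderId) {
    printf(
        "order %d: vulnerable=%s anonymous=%s customer7=%s\n",
        $orderId,
        json_encode(reorderVulnerable($orderId)),
        json_encode(reorderHardened(null, $orderId)),
        json_encode(reorderHardened(7, $orderId))
    );
}
```

Only order 101 is returned to customer 7 by the hardened handler, and nothing is returned to an anonymous caller, while the vulnerable handler returns every existing order to anyone.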