Description
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
Affected products
- abcprintf / Online Storeunspecified – 1.0
References
- MISChttp://www.vapidlabs.com/advisory.php?v=210
- MISChttps://www.abcprintf.com/view_download.php?id=17
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2019/10/02/1
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2019/12/23/1
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2019/12/23/2