
LS Retail Magento 2 `lsretailomni/lsmag-two` insecure API endpoints

Open lbajsarowicz opened this issue 2 years ago • 2 comments

https://github.com/lsretailomni/lsmag-two/blob/e5c1baebe2b1305ffac4926b54475dc10e2c30a5/src/Webhooks/etc/webapi.xml#L5-L22

Thanks to the anonymous resource and the lack of any server-side validation, any visitor can override Order & Shipment status, causing significant loss (e.g. flagging an order as paid).

The issue is still not resolved in 2.3.0.

lbajsarowicz avatar Apr 25 '23 11:04 lbajsarowicz
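For readers unfamiliar with how Magento 2 grants REST access, here is an added illustration (not the lsmag-two module's own file) of a `webapi.xml` route that any unauthenticated visitor can call because its resource is `anonymous`, beside the same route gated on a Magento_Sales ACL permission. The route URLs and service class names are hypothetical placeholders; `Magento_Sales::actions_edit` and `Magento_Sales::shipment` are real ACL resources defined by the core Sales module.

```xml
<?xml version="1.0"?>
<!-- Hypothetical webapi.xml (added example, not the lsmag-two module's own configuration). -->
<routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">

    <!-- WEAK (shown for contrast only; remove this block): a state-changing
         webhook exposed to every caller. "anonymous" means no token, no
         session and no ACL check of any kind before the service runs. -->
    <route url="/V1/example-webhooks/order-status" method="POST">
        <service class="Example\Webhooks\Api\OrderStatusInterface" method="update"/>
        <resources>
            <resource ref="anonymous"/>
        </resources>
    </route>

    <!-- HARDENED: the same route now requires a bearer token (integration or
         admin) whose role holds the Magento_Sales::actions_edit permission.
         Requests without such a token are rejected with HTTP 401 before
         OrderStatusInterface::update() is ever invoked. -->
    <route url="/V1/example-webhooks/order-status" method="POST">
        <service class="Example\Webhooks\Api\OrderStatusInterface" method="update"/>
        <resources>
            <resource ref="Magento_Sales::actions_edit"/>
        </resources>
    </route>

    <!-- Shipment updates are gated separately on the shipment permission, so
         an integration can be given one capability without the other. -->
    <route url="/V1/example-webhooks/shipment-status" method="POST">
        <service class="Example\Webhooks\Api\ShipmentStatusInterface" method="update"/>
        <resources>
            <resource ref="Magento_Sales::shipment"/>
        </resources>
    </route>
</routes>
```

Restricting the resource closes the authorization gap described in the report; the service method should still validate the webhook payload server-side (that the referenced order exists and that the requested state transition is allowed) rather than trusting the caller.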

Thanks, Lukasz! Would you mind opening a PR for the CSV file https://github.com/sansecio/magevulndb/blob/master/magento2-vulnerable-extensions.csv?

gwillem avatar May 09 '23 13:05 gwillem

Yes, I can.

lbajsarowicz avatar May 09 '23 13:05 lbajsarowicz