Security Advisory

CVE-2024-6506

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-04 12:52:15

Last updated 2024-08-01 21:41:03

Assigner INCIBE

State PUBLISHED

Description

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels.

← Browse all CVEs View on cve.org ↗