CVE-2019-16403

HIGH 8.8 | EPSS 0.29%

Authorization Bypass Through User-Controlled Key in Bagisto

Published: 11/8/2019 | Modified: 11/4/2025

Description

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

Affected packages (2)

CVSS scores

Source | Version | Severity | Vector
osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)