CVE-2020-27997 – An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery …

Vuln ID: CVE-2020-27997

Published:  2021-02-19  23:15:12Z

Description: An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).

Source: NVD.NIST.GOV