CVE-2020-36365 Scanner

Smartstore (aka SmartStoreNET) is an open-source e-commerce platform developed on the .NET Core platform. This platform is used by businesses to create a digital storefront to sell their products and services. It provides a variety of features including, order management, inventory management, payment integration, and customer management. It is a popular choice for businesses that want to establish a digital presence and grow their online sales.

One of the vulnerabilities detected in Smartstore is CVE-2020-36365. This vulnerability, which affects Smartstore versions prior to 4.1.0, allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect. Essentially, this means that attackers can manipulate a URL to redirect users to a malicious website where they can be tricked into divulging sensitive information or installing malware.

If this vulnerability is exploited, it can lead to serious consequences for businesses. For example, hackers can use this vulnerability to steal credit card information, customer data, or even take full control of the targeted systems. Not only can businesses lose trust and reputation, but they may also face legal consequences and cost to fix the damage caused.

By subscribing to s4e.io, businesses can easily and quickly learn about vulnerabilities in their digital assets. s4e.io provides timely and detailed alerts on the latest vulnerabilities and security threats, as well as a comprehensive database of known security vulnerabilities across multiple platforms. With its pro features, businesses can protect their digital assets from malicious attacks and minimize the risk of data loss or breaches.

REFERENCES

• https://github.com/smartstore/SmartStoreNET/issues/2113