{"id":"CVE-2020-15243","details":"Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.","aliases":["GHSA-8g9m-jx26-qp4h"],"modified":"2026-07-09T00:37:28.570873Z","published":"2020-10-08T23:15:10.867Z","references":[{"type":"ADVISORY","url":"https://github.com/smartstore/SmartStoreNET/security/advisories/GHSA-8g9m-jx26-qp4h"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/smartstore/smartstorenet","events":[{"introduced":"525dd1b59052a0169f46ba0c93b479371fd1d59c"},{"last_affected":"e9f9ae5f3468fceff387bc7c59cd64914cc4c41b"}],"database_specific":{"extracted_events":[{"introduced":"4.0.0"},{"last_affected":"4.0.0"},{"introduced":"4.0.1"},{"last_affected":"4.0.1"}],"source":"CPE_STRING","cpe":["cpe:2.3:a:smartstore:smartstore:4.0.0:*:*:*:*:*:*:*","cpe:2.3:a:smartstore:smartstore:4.0.1:*:*:*:*:*:*:*"]}}],"versions":["4.0.0","4.0.1","4.0.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15243.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}