Remote Code Execution Vulnerability in SourceCodester Online Mobile Management Store 1.0
CVE-2024-2151
5.3 MEDIUM
Summary
The vulnerability in SourceCodester Online Mobile Management Store affects the product price handling component, where the 'quantity' argument can be manipulated. Manipulating it, specifically by providing a negative value of -1, can lead to unexpected business logic errors, potentially allowing unauthorized actions or incorrect pricing calculations. The attack can be initiated remotely, so systems that use this component are susceptible to exploitation. The vulnerability has been publicly disclosed, which raises significant concern about exploitation in the wild and calls for immediate attention and remediation.
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published