Incorrect Access Control in CRMEB Affected by Vulnerability
CVE-2024-50653

7.5HIGH

Key Information:

Vendor: Crmeb
Status: Crmeb
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-50653?

The recent vulnerability in CRMEB, specifically affecting versions up to 5.4.0, poses a significant risk due to incorrect access control mechanisms. This flaw allows users to circumvent front-end restrictions designed to limit coupon claims to a single instance. By intercepting and sending a large number of data packets, malicious users can exploit this vulnerability to achieve unlimited coupon collection, thereby compromising the integrity of promotional offers and leading to potential financial loss for businesses relying on CRMEB.

References

https://github.com/crmeb

https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50653

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024

Crmeb

What is CVE-2024-50653?

References

CVSS V3.1

Timeline