Improper Access Control in SimplCommerce
CVE-2024-50945

7.5 HIGH

Key Information:

Vendor
CVE Published: 27 December 2024

What is CVE-2024-50945?

An improper access control vulnerability found in SimplCommerce enables users to submit product reviews without the necessary verification of a purchase. This flaw allows individuals to manipulate the review system, potentially leading to fraudulent and misleading feedback for products. By not ensuring that reviews are submitted by verified purchasers, the integrity of the review process is compromised, raising concerns over the authenticity and trustworthiness of product evaluations.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
