CVE-2024-50945

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.

simplcommerce/SimplCommerce
simplcommerce/SimplCommerce
A simple, cross platform, modulith ecommerce system built on .NET
GitHubGitHub
4.41K
AbdullahAlmutawa/CVE-2024-50945
AbdullahAlmutawa/CVE-2024-50945
SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.
GitHubGitHub