AbdullahAlmutawa/CVE-2024-50945

Releases0

SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-50945 ↗	Dec 27, 2024Friday, 27 December 2024, 19:15	7.5 HIGH	—
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.