Home > Vulnerability Database > CVE-2024-50945

Mend.io Vulnerability Database

CVE-2024-50945

Date: December 26, 2024

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/simplcommerce/SimplCommerce

Url: https://www.simplcommerce.com/

Url: https://github.com/AbdullahAlmutawa/CVE-2024-50945

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-50945

Url: https://www.mend.io/vulnerability-database/CVE-2024-50945

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-50945

Date: December 26, 2024

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?