Abdullah Almutawa - Security Researcher - Exploit Intelligence Platform

CVE-2024-50944 NOMISEC CRITICAL WRITEUP

SimplCommerce - Integer Overflow in CartController AddToCart Quantity Parameter

Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.

CVSS 9.8

View Code

CVE-2024-50945 NOMISEC HIGH WRITEUP

SimplCommerce - Improper Access Control

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.

CVSS 7.5

View Code

CVE-2024-53476 NOMISEC MEDIUM WRITEUP

SimplCommerce - Race Condition in Inventory Tracking

A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

CVSS 5.9

View Code