AbdullahAlmutawa

3 exploits Active since Dec 2024
CVE-2024-50944 NOMISEC CRITICAL WRITEUP
SimplCommerce - Buffer Overflow
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.
CVSS 9.8
CVE-2024-50945 NOMISEC HIGH WRITEUP
SimplCommerce - Improper Access Control
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.
CVSS 7.5
CVE-2024-53476 NOMISEC MEDIUM WRITEUP
SimplCommerce - Info Disclosure
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.
CVSS 5.9