CVE-2023-45854
HIGHShopkit 1.0 - Integer Overflow via Negative Quantity in Cart Add Function
Title source: llmDescription
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function.
References (2)
Core 2
Core References
Various Sources
https://shopk.it/
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
24.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Published
Sep 16, 2024
Tracked Since
Feb 18, 2026