CVE-2024-48143

CRITICAL

Digitory Multi Channel Integrated POS v1.0 - Info Disclosure

Title source: llm

Description

A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders.

References (2)

[Various Sources] https://digitory.com/multi-channel-integrated-pos/

[Various Sources] https://github.com/soursec/CVEs/tree/main/CVE-2024-48143

View Writeup ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-307

Status published

Published Oct 24, 2024

Tracked Since Feb 18, 2026