CVE-2024-50654

HIGH

Pickmall Lilishop < 4.2.4 - Origin Validation Error

Title source: rule

Description

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing the data packets for coupon collection and sending them at high concurrency.

Scores

CVSS v3 7.5
EPSS 0.0027
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-346
Status published
Products (1)
pickmall/lilishop < 4.2.4
Published Nov 15, 2024
Tracked Since Feb 18, 2026