CVE-2024-50944

CRITICAL

SimplCommerce - Buffer Overflow

Title source: llm

Description

Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.

Exploits (1)

nomisec WRITEUP

by AbdullahAlmutawa · poc

https://github.com/AbdullahAlmutawa/CVE-2024-50944

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/AbdullahAlmutawa/CVE-2024-50944

[Various Sources] https://github.com/simplcommerce/SimplCommerce

[Various Sources] https://www.simplcommerce.com/

[Issue Tracking] https://github.com/simplcommerce/SimplCommerce/issues/1110

Scores

CVSS v3 9.8

EPSS 0.0276

EPSS Percentile 86.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Published Dec 27, 2024

Tracked Since Feb 18, 2026