CVE-2024-50945

HIGH

SimplCommerce - Improper Access Control

Title source: llm

Description

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f: users can submit reviews without the application verifying that they have purchased the product.

Exploits (1)

nomisec WRITEUP
by AbdullahAlmutawa · poc
https://github.com/AbdullahAlmutawa/CVE-2024-50945

Scores

CVSS v3: 7.5
EPSS: 0.0500
EPSS Percentile: 89.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-284
Status: published
Published: Dec 27, 2024
Tracked Since: Feb 18, 2026