CVE-2024-50945

HIGH

SimplCommerce - Improper Access Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50945. PoCs published by AbdullahAlmutawa.

AI-analyzed exploit summary This repository contains a writeup for CVE-2024-50945, a Broken Access Control vulnerability in SimplCommerce. The vulnerability allows unauthorized users to post reviews for products they have not purchased by manipulating the EntityId parameter in review submission requests.

Description

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.

Exploits (1)

nomisec WRITEUP
by AbdullahAlmutawa · poc
https://github.com/AbdullahAlmutawa/CVE-2024-50945

This repository contains a writeup for CVE-2024-50945, a Broken Access Control vulnerability in SimplCommerce. The vulnerability allows unauthorized users to post reviews for products they have not purchased by manipulating the EntityId parameter in review submission requests.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: SimplCommerce (commit 230310c8d7a0408569b292c5a805c459d47a1d8f)
No auth needed
Prerequisites: Access to the review submission endpoint · Knowledge of a valid product ID
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0059
EPSS Percentile 43.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-284
Status published
Published Dec 27, 2024
Tracked Since Feb 18, 2026