CVE-2024-8949

MEDIUM

SourceCodester Online Eyewear Shop 1.0 - Improper Ownership Management

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-8949. PoCs published by gh-ost00.

AI-analyzed exploit summary: This repository describes a broken access control vulnerability (CVE-2024-8949) in Sourcecodester's Online Eyewear Shop v1.0, where cart ID manipulation allows attackers to add or delete items from other users' carts. The PoC outlines steps using Burp Suite to intercept and modify cart IDs.

Description

A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
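The root cause described above is an insecure direct object reference: the cart handler selects the row by the client-supplied cart_id/id alone, so any logged-in user who edits that value in an intercepted request operates on another user's cart. The following is an added illustration written for this page, not code from Online Eyewear Shop or from the PoC repository; the table and column names (cart, cart.id, cart.user_id, cart.product_id), the $conn mysqli handle obtained from the application's database include, and the $_SESSION['userdata']['id'] key are all assumptions chosen to show the pattern, not the project's actual identifiers.

```php
<?php
// Added example for CVE-2024-8949 (not the vendor's Master.php): the vulnerable
// lookup-by-id pattern beside the hardened, owner-scoped version.
// ASSUMPTIONS: table cart(id, user_id, product_id, quantity); $conn is a mysqli
// connection created by the app's DB include; the logged-in user's id lives in
// $_SESSION['userdata']['id'].
session_start();
require_once __DIR__ . '/DBConnection.php';   // assumed include that defines $conn

// VULNERABLE: the only selector is the id the client sent. A user who changes
// id=17 to id=18 in Burp deletes someone else's cart row, because nothing ties
// the row to the requester.
function delete_cart_item_vulnerable(mysqli $conn, int $cart_id): bool
{
    $stmt = $conn->prepare("DELETE FROM cart WHERE id = ?");
    $stmt->bind_param("i", $cart_id);
    $stmt->execute();
    return $stmt->affected_rows > 0;
}

// Returns the authenticated user's id from the server-side session, or null.
// The owner must never be taken from the request body or query string.
function current_user_id(): ?int
{
    return isset($_SESSION['userdata']['id']) ? (int) $_SESSION['userdata']['id'] : null;
}

// HARDENED: the DELETE is scoped to the session owner. A tampered id that
// belongs to another user matches zero rows, so nothing is deleted and the
// caller can report "not found" without leaking whether the id exists.
function delete_cart_item(mysqli $conn, int $cart_id): bool
{
    $owner = current_user_id();
    if ($owner === null) {
        http_response_code(401);
        return false;
    }
    $stmt = $conn->prepare("DELETE FROM cart WHERE id = ? AND user_id = ?");
    $stmt->bind_param("ii", $cart_id, $owner);
    $stmt->execute();
    return $stmt->affected_rows > 0;
}

// HARDENED add path: ownership is assigned on the server from the session.
// The client chooses only the product and quantity; it cannot name a cart or
// user to add into, which closes the "add to another user's cart" half of the
// report.
function add_cart_item(mysqli $conn, int $product_id, int $quantity): bool
{
    $owner = current_user_id();
    if ($owner === null || $quantity < 1) {
        return false;
    }
    $stmt = $conn->prepare(
        "INSERT INTO cart (user_id, product_id, quantity) VALUES (?, ?, ?)"
    );
    $stmt->bind_param("iii", $owner, $product_id, $quantity);
    $stmt->execute();
    return $stmt->affected_rows > 0;
}

// Minimal dispatcher so the file runs as a handler. The action names are
// assumptions for this example, not the project's real routes.
header('Content-Type: application/json');
$action = $_GET['action'] ?? '';
if ($action === 'delete_cart_item') {
    $cart_id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($cart_id === false || $cart_id === null) {
        http_response_code(400);
        echo json_encode(['status' => 'failed', 'msg' => 'invalid id']);
        exit;
    }
    echo json_encode(['status' => delete_cart_item($conn, $cart_id) ? 'success' : 'failed']);
} elseif ($action === 'add_to_cart') {
    $pid = filter_input(INPUT_POST, 'product_id', FILTER_VALIDATE_INT);
    $qty = filter_input(INPUT_POST, 'quantity', FILTER_VALIDATE_INT);
    $ok  = ($pid !== null && $pid !== false && $qty !== null && $qty !== false)
        && add_cart_item($conn, $pid, $qty);
    echo json_encode(['status' => $ok ? 'success' : 'failed']);
} else {
    http_response_code(404);
    echo json_encode(['status' => 'failed', 'msg' => 'unknown action']);
}
```

To verify a fix of this kind, log in as two separate accounts, capture account A's delete request in the proxy, replay it with account B's cart row id substituted, and confirm the response is "failed" and B's row is still present; the same replay against the unpatched handler is exactly what the published PoC exercises.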

Exploits (1)

nomisec WRITEUP 2 stars
by gh-ost00 · poc
https://github.com/gh-ost00/CVE-2024-8949-POC


Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Sourcecodester Online Eyewear Shop v1.0
Auth required
Prerequisites: User authentication · Burp Suite or similar intercepting proxy
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.277767
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.277767
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.409459

Scores

CVSS v3 6.3
EPSS 0.0070
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-282
Status published
Products (1)
oretnom23/online_eyewear_shop 1.0
Published Sep 17, 2024
Tracked Since Feb 18, 2026