exploitDog

CVE-2024-50654

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.

Ссылки

https://github.com/Yllxx03/CVE/blob/main/lilishop/CouponLogicVulnerability.md
Exploit
Third Party Advisory
https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50654
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pickmall:lilishop:*:*:*:*:*:*:*:*

Версия до 4.2.4 (включая)

EPSS

Процентиль: 43%

0.00205

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-346

Связанные уязвимости

GHSA-wrr5-xwcp-mrf2

CVSS3: 7.5

github

около 1 года назад

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.

EPSS

Процентиль: 43%

0.00205

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-346