CVE-2024-50654
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/Yllxx03/CVE/blob/main/lilishop/CouponLogicVulnerability.md
- https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50654
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.