216.73.216.75

CVE-2024-50968

· Published 14/11/2024 22:15 · Modified 20/11/2024 17:35

Labels: CVE-2024-50968 2024-11-14CVE-2024-50968NVD-CWE-noinfo[email protected]

Essential information

Published
14/11/2024 22:15
Modified
20/11/2024 17:35
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout.

NVD status

Status
Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
adonesevangelista / agri-trading online shopping system cpe:2.3:a:adonesevangelista:agri-trading_online_shopping_system:1.0:*:*:*:*:*:*:*

References