216.73.216.170

CVE-2025-50849

· Published 31/07/2025 15:15 · Modified 31/07/2025 18:42

Labels: CVE-2025-50849 2025-07-31CVE-2025-50849CWE-639[email protected]

Essential information

Published
31/07/2025 15:15
Modified
31/07/2025 18:42
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cs-cart / cs-cart cpe:2.3:a:cs-cart:cs-cart:4.18.3:*:*:*:*:*:*:*

References