← Back

CVE-2024-46307

nvd nist
Published: Oct 9, 2024Modified: Oct 15, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.

Affected (1)

Products: Sparkshop: Sparkshop
Sparkshop
1 product
Sparkshop
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sparkshop
Up to 1.1.6

Related CWEs

CWE-841
Improper Enforcement of Behavioral Workflow
The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

References (3)

Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Product
Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.