CVE-2024-50651

Published: Nov 15, 2024Modified: Nov 27, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

Affected (1)

Products: Geeeeeeeek: Java Shop

Geeeeeeeek

1 product

Java Shop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Geeeeeeeek Java Shop	Version 1.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/Yllxx03/CVE/blob/main/java_shop/BrokenAccessControl.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50651

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.