lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.
History

Thu, 21 Nov 2024 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-346 |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 20 Nov 2024 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Pickmall; Pickmall lilishop |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | `cpe:2.3:a:pickmall:lilishop:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Pickmall; Pickmall lilishop |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'} |


Fri, 15 Nov 2024 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency. |
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-15T00:00:00

Updated: 2024-11-21T19:03:34.053Z

Reserved: 2024-10-28T00:00:00

Link: CVE-2024-50654

Vulnrichment

Updated: 2024-11-21T19:02:08.666Z

NVD

Status: Modified

Published: 2024-11-15T17:15:20.507

Modified: 2024-11-21T19:15:11.113

Link: CVE-2024-50654

Redhat

No data.