CVE-2024-8949

🗓️ 17 Sep 2024 19:00:12Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

Critical vulnerability in SourceCodester Online Eyewear Shop 1.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-8949	17 Sep 202422:18	–	circl
CNNVD	Online Eyewear Shop 安全漏洞	17 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-8949 SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management	17 Sep 202419:00	–	cvelist
EUVD	EUVD-2024-49503	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8949	17 Sep 202419:15	–	nvd
Positive Technologies	PT-2024-39334 · Unknown · Sourcecodester Online Eyewear Shop	17 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8949	23 May 202510:34	–	redhatcve
Vulnrichment	CVE-2024-8949 SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management	17 Sep 202419:00	–	vulnrichment

NVD

Vulners

Node

oretnom23 online_eyewear_shopMatch1.0

[
  {
    "vendor": "SourceCodester",
    "product": "Online Eyewear Shop",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ],
    "modules": [
      "Cart Content Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
sourcecodester	www.sourcecodester.com/
vuldb	www.vuldb.com/
github	www.github.com/gurudattch/CVEs/edit/main/Sourcecodester-Online-Eyewear-shop-webiste-Broken-access-control.md

Parameter	Position	Path	Description	CWE
cart_id	path	/classes/Master.php	Privilege/ownership escalation via manipulation of cart_id or id parameter in Master.php for Cart Content Handler.	CWE-282
id	path	/classes/Master.php	Privilege/ownership escalation via manipulation of cart_id or id parameter in Master.php for Cart Content Handler.	CWE-282

23 Sep 2024 18:05Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.3 - 8.8

CVSS 45.3

CVSS 26.5

CVSS 36.3

EPSS0.01173

SSVC

CWE-282