CVE-2022-36638

An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders...

CVE-2024-34104 Adobe Commerce | Improper Authorization (CWE-285)

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both...

CVE-2022-36638

An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders...

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

Lines of code Vulnerability details function matchOneToOneOrders OrderTypes.MakerOrder calldata makerOrders1, OrderTypes.MakerOrder calldata makerOrders2 external uint256 startGas = gasleft; uint256 numMakerOrders = makerOrders1.length; requiremsg.sender == MATCHEXECUTOR, 'OME';...