CVE-2024-50945 PoC — SimplCommerce 安全漏洞

Source

https://github.com/AbdullahAlmutawa/CVE-2024-50945

Associated Vulnerability

Title:SimplCommerce 安全漏洞 (CVE-2024-50945)
Description:SimplCommerce是SimplCommerce开源的一个基于 .NET 构建的简单、跨平台、模块化电子商务系统。 SimplCommerce存在安全漏洞，该漏洞源于访问控制不当。

Description

SimplCommerce is affected by a broken access control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.

Readme

# CVE-2024-50945
SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.

# Detection Method
An attacker can detect this vulnerability by sending a request to the review submission endpoint and changing the EntityId to the ID of a product they have not purchased. If the review is successfully posted, it confirms the website is vulnerable to Broken Access Control vulnerability.

# Tested on
230310c8d7a0408569b292c5a805c459d47a1d8f commit

# Links
https://www.simplcommerce.com/

https://github.com/simplcommerce/SimplCommerce

# Disclosure Timeline

# Credits
Abdullah Almutawa

File Snapshot


 [4.0K]  /data/pocs/724ec953c00e5f30b7ba6ad8cb27e4b995448c93
└── [ 696]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!