CVE-2024-32166

April 19, 2024, 4:19 p.m.

None
No Score

Description

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).

Product(s) Impacted

Product Versions
Webid
  • 1.2.1

Weaknesses

References

https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md

Tags

Date

  • Published: April 19, 2024, 2:15 p.m.
  • Last Modified: April 19, 2024, 4:19 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.