CVE-2024-46307

Oct. 15, 2024, 2:57 p.m.

7.5
High

Description

A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.

Product(s) Impacted

Vendor Product Versions
Sparkshop
  • Sparkshop
  • *

Weaknesses

CWE-841
Improper Enforcement of Behavioral Workflow
The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a sparkshop sparkshop / / / / / / / /

References

http://sparkshop.com
https://gitee.com/sparkshop/sparkshop
https://github.com/Yllxx03/CVE/tree/main/CVE-2024-46307

Tags

cve@mitre.org
CWE-841
NVD-CWE-noinfo
2024-10-09
CVE-2024-46307

CVSS Score

7.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Date

  • Published: Oct. 9, 2024, 5:15 p.m.
  • Last Modified: Oct. 15, 2024, 2:57 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.