What the vulnerability does
01Description
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
Explanation of Vulnerability in Simple Terms
Simple Shopping Cart versions up to 5.2.9 contain an authorization bypass that exposes sensitive data. An attacker on the network can read confidential information without authentication or user interaction. The vulnerability stems from insufficient access controls on data retrieval functions. Update to a version newer than 5.2.9 to remediate.
What an attacker can do
Read sensitive data from the shopping cart system without logging in.
Potential impact on your site
Customer data, pricing, or other confidential cart information may be exposed to unauthenticated attackers.
Conditions required to exploit
Network access to the affected site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities