CVE-2025-50849

HIGH

8.0

Descripcion

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.

Detalles CVE

Puntuacion CVSS v3.18.0

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado7/31/2025

Ultima modificacion7/31/2025

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-639

Referencias

http://cs.com(cve@mitre.org)

https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50849.md(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.