CVE-2024-39319— aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-39319
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
Source: NVD (National Vulnerability Database)
Vulnerability Description
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Aimeos frontend controller 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Aimeos frontend controller是https://github.com/aimeos开源的一个前端控制器。 Aimeos frontend controller存在安全漏洞,该漏洞源于不安全的直接对象引用,可能允许攻击者禁用其他客户的订阅和评论功能。以下版本受到影响:2024.4.2之前版本、2023.10.9之前版本、2022.10.8之前版本、2021.10.8之前版本和2020.10.15之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| aimeos | ai-controller-frontend | = 2024.04.1 | - |
II. Public POCs for CVE-2024-39319
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-39319
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: aimeos
- CVE-2021-47763
Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL i - CVE-2025-66468
Aimeos GrapesJS CMS extension possible stores XSS exploitabl - CVE-2024-47173
Aimeos GraphQL API admin interface denial of service vulnera - CVE-2024-39325
aimeos/ai-controller-frontend doesn't reset payment status i - CVE-2024-39322
aimeos/ai-admin-jsonadm improper access control vulnerabilit
Same weakness: CWE-639
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-42291
SysReptor: Read-write access to personal notes by sharing-li - CVE-2026-44400
MailEnable Enterprise Premium < 10.55 Authorization Bypass v - CVE-2026-42279
solidtime: Time entry update endpoint allows cross-organizat - CVE-2026-42277
Onyx: IDOR in /chat/file/{file_id} allows any authenticated
V. Comments for CVE-2024-39319
No comments yet