Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-50945 PoC — SimplCommerce 安全漏洞

Source
https://github.com/AbdullahAlmutawa/CVE-2024-50945
Associated Vulnerability
Title:SimplCommerce 安全漏洞 (CVE-2024-50945)
Description:An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.
Description
SimplCommerce is affected by a broken access control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.
Readme
# CVE-2024-50945
SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.

# Detection Method
An attacker can detect this vulnerability by sending a request to the review submission endpoint and changing the EntityId to the ID of a product they have not purchased. If the review is successfully posted, it confirms the website is vulnerable to Broken Access Control vulnerability.

# Tested on
230310c8d7a0408569b292c5a805c459d47a1d8f commit

# Links
https://www.simplcommerce.com/

https://github.com/simplcommerce/SimplCommerce

# Disclosure Timeline

# Credits
Abdullah Almutawa
File Snapshot

 [4.0K]  /data/pocs/724ec953c00e5f30b7ba6ad8cb27e4b995448c93
└── [ 696]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →