Description

A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout.

INFO

Published Date :

2024-11-14T00:00:00.000Z

Last Modified :

2024-11-20T16:15:49.251Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50968 vulnerability.

Vendors Products
Adonesevangelista
  • Agri-trading Online Shopping System
  • Trading Online Shopping System
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50968.

URL Resource
https://github.com/Akhlak2511/CVE-2024-50968 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact