CVE-2025-50849

{"id": "CVE-2025-50849", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2025-07-31T15:15:36.977", "references": [{"url": "http://cs.com", "source": "[email protected]"}, {"url": "https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50849.md", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers."}, {"lang": "es", "value": "CS Cart 4.18.3 es vulnerable a la Referencia Directa a Objetos Insegura (IDOR). La funci\u00f3n de perfil de usuario permite habilitar o deshabilitar stickers mediante un par\u00e1metro (company_id) enviado en la solicitud. Sin embargo, esta operaci\u00f3n no se valida correctamente en el servidor. Un usuario autenticado puede manipular la solicitud para afectar las cuentas de otros usuarios y activar o desactivar la configuraci\u00f3n de stickers modificando el company_id u otros identificadores de objeto."}], "lastModified": "2025-07-31T18:42:37.870", "sourceIdentifier": "[email protected]"}