CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md
https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md

Products affected by CVE-2024-32166

Webidsupport » Webid » Version: 1.2.1

cpe:2.3:a:webidsupport:webid:1.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-32166

Products

Pricing

Contact Us