Vulnerability Details CVE-2024-50654
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.6%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2024-50654
-
cpe:2.3:a:pickmall:lilishop:-
-
cpe:2.3:a:pickmall:lilishop:1.0
-
cpe:2.3:a:pickmall:lilishop:4.1
-
cpe:2.3:a:pickmall:lilishop:4.2
-
cpe:2.3:a:pickmall:lilishop:4.2.1
-
cpe:2.3:a:pickmall:lilishop:4.2.2
-
cpe:2.3:a:pickmall:lilishop:4.2.3
-
cpe:2.3:a:pickmall:lilishop:4.2.4