CVE-2024-32166

Name of the Vulnerable Software and Affected Versions Webid version 1.2.1

Description The issue allows attackers to exploit an Insecure Direct Object Reference (IDOR) vulnerability, which is a type of Broken Access Control vulnerability. This enables horizontal privilege escalation, permitting attackers to buy now an auction that is suspended.

Recommendations For Webid version 1.2.1, as a temporary workaround, consider restricting access to the auction functionality to prevent the exploitation of suspended auctions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.