PT-2024-34465 · Unknown · SimplCommerce
Abdullah Almutawa · Published 2024-12-20 · Updated 2025-01-05
CVE-2024-50944
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SimplCommerce version at commit 230310c8d7a0408569b292c5a805c459d47a1d8f
SimplCommerce version 1.0.0
Description:
An integer overflow vulnerability exists in the shopping cart functionality of SimplCommerce. The quantity parameter of the CartController's AddToCart method is insufficiently validated, so a remote attacker can submit crafted quantity values that overflow the integer arithmetic and manipulate product quantities and total prices.
Recommendations:
For SimplCommerce version at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, consider disabling the
AddToCart method in the CartController until a patch is available.
For SimplCommerce version 1.0.0, restrict access to the shopping cart functionality to minimize the risk of exploitation.
As a temporary workaround, avoid using the quantity parameter in the affected shopping cart functionality until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit: Integer Overflow
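The flaw described above is a quantity value that reaches integer arithmetic without bounds checking. The following is an added illustration, not code from SimplCommerce or from the advisory author, showing the defensive pattern a cart endpoint needs: reject quantities outside a sane range before they are used, and compute line totals inside a `checked` block so that any remaining overflow throws instead of wrapping silently. `CartMath`, `MaxQuantity` and the cent-based prices are hypothetical choices made for this example; SimplCommerce's real types and limits are not referenced.

```csharp
using System;

// Added example (not SimplCommerce code): bounds validation plus
// overflow-safe arithmetic for a shopping-cart quantity parameter.
public static class CartMath
{
    // Hypothetical policy limit; a real shop would derive it from stock or business rules.
    public const int MaxQuantity = 1000;

    // Rejects non-positive and oversized quantities instead of silently accepting them.
    public static bool TryValidateQuantity(int quantity, out string error)
    {
        if (quantity <= 0)
        {
            error = "quantity must be positive";
            return false;
        }
        if (quantity > MaxQuantity)
        {
            error = "quantity must not exceed " + MaxQuantity;
            return false;
        }
        error = string.Empty;
        return true;
    }

    // Vulnerable pattern: C# int arithmetic wraps silently by default, so a large
    // quantity can produce a negative or tiny total. Shown only for contrast.
    public static int UncheckedLineTotal(int quantity, int unitPriceCents)
    {
        return quantity * unitPriceCents;
    }

    // Hardened pattern: validate first, then multiply inside a checked block, which
    // throws OverflowException rather than wrapping if the product exceeds int range.
    public static int SafeLineTotal(int quantity, int unitPriceCents)
    {
        if (!TryValidateQuantity(quantity, out var error))
        {
            throw new ArgumentOutOfRangeException(nameof(quantity), error);
        }
        checked
        {
            return quantity * unitPriceCents;
        }
    }

    public static void Main()
    {
        // Constructed values: a 19.99 item (1999 cents) and an oversized quantity
        // chosen so that quantity * price no longer fits in a 32-bit int.
        var unitPriceCents = 1999;
        var hugeQuantity = int.MaxValue / 1000;

        // The unchecked total wraps silently and comes out wrong.
        Console.WriteLine("unchecked total: " + UncheckedLineTotal(hugeQuantity, unitPriceCents));

        // The hardened path rejects the request at the validation layer.
        try
        {
            Console.WriteLine("safe total: " + SafeLineTotal(hugeQuantity, unitPriceCents));
        }
        catch (ArgumentOutOfRangeException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }

        // Defense in depth: even if a quantity slips past validation, the checked
        // multiplication refuses to wrap. Exercised here with an in-range quantity
        // and a deliberately large constructed price.
        try
        {
            checked
            {
                Console.WriteLine("checked product: " + (MaxQuantity * (int.MaxValue / 10)));
            }
        }
        catch (OverflowException)
        {
            Console.WriteLine("checked arithmetic refused to overflow");
        }
    }
}
```

Validation belongs at the controller boundary (model binding or an explicit check before the cart service is called), and the `checked` block is the second layer for arithmetic that a validator cannot foresee, such as a unit price that is itself large. Using `decimal` or `long` for money further widens the margin but does not replace the bounds check on quantity.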
Affected Products: SimplCommerce