PT-2024-34477 · Itsourcecode · Itsourcecode Agri-Trading Online Shopping System

Akhlak2511 · Published 2024-11-14 · Updated 2024-11-20 · CVE-2024-50968

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: itsourcecode Agri-Trading Online Shopping System version 1.0
Description: A business logic issue exists in the Add to Cart function, allowing remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic, reducing the total price to zero and allowing them to add items to the cart and proceed to checkout.
Recommendations: For itsourcecode Agri-Trading Online Shopping System version 1.0, consider disabling the Add to Cart function until a patch is available to prevent exploitation of the business logic vulnerability. Restrict access to the quant parameter to minimize the risk of manipulation. As a temporary workaround, implement validation to ensure the quantity value is not set to -0 when adding products to the cart.
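As an added example (not code from the advisory or the vendor), the quantity validation the recommendation calls for, written in Python beside an illustrative weak handler that shows how a literal "-0" slips past naive zero and negative checks; the catalogue, prices and quantity bound are constructed.

```python
import re
from decimal import Decimal
from typing import Optional

# Constructed catalogue of unit prices; product ids and prices are made up.
CATALOG = {"seed-bag": Decimal("12.50"), "fertilizer": Decimal("30.00")}
MAX_QUANTITY = 1000  # assumed per-line cap; the advisory states none


def weak_total(product_id: str, quant: str) -> Optional[Decimal]:
    """Illustrative weak handler of the kind the advisory describes (not the
    vendor's code): it refuses the literal "0" and negative numbers, but "-0"
    matches neither rule, int("-0") is 0, and the line total collapses to zero."""
    if quant == "" or quant == "0":
        return None
    try:
        q = int(quant)
    except ValueError:
        return None
    if q < 0:
        return None
    return CATALOG[product_id] * q


QUANT_RE = re.compile(r"[1-9][0-9]*")


def parse_quantity(quant: str) -> Optional[int]:
    """Accept only a canonical positive integer: no sign, no leading zeros,
    no whitespace, and at most MAX_QUANTITY. Returns None on rejection."""
    if not QUANT_RE.fullmatch(quant):
        return None
    q = int(quant)
    if q > MAX_QUANTITY:
        return None
    return q


def safe_total(product_id: str, quant: str) -> Optional[Decimal]:
    """Hardened handler: validate the quantity first, then price the line from
    the server-side catalogue, so a zero or negative total cannot be produced."""
    q = parse_quantity(quant)
    if q is None or product_id not in CATALOG:
        return None
    return CATALOG[product_id] * q
```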

Related Identifiers

CVE-2024-50968

Affected Products

Itsourcecode Agri-Trading Online Shopping System