PT-2025-31549 · Cs Cart · Cs-Cart

Hackerwahab · Published 2025-07-31 · Updated 2025-07-31 · CVE-2025-50849

CVSS v3.1: 8.0 High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
CS Cart version 4.18.3

Description
CS Cart is susceptible to an Insecure Direct Object Reference (IDOR) issue. The user profile functionality does not properly validate server-side operations when enabling or disabling stickers. An authenticated user can manipulate requests to affect other users' accounts by modifying object identifiers, such as the company id parameter.

Recommendations
Ensure proper validation of the company id parameter and other object identifiers on the server side to prevent unauthorized access and modification of user data.
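
The recommendation above, sketched as an added example (not CS-Cart code and not from the advisory): a sticker status handler that trusts a request-supplied company id, next to a form that authorizes from server-side session state only. The names `Session`, `new_store`, `update_sticker_vulnerable` and `update_sticker_hardened`, the parameter names, and the status values are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when a request targets an object the caller does not own."""

@dataclass(frozen=True)
class Session:
    user_id: int
    company_id: int          # set by the server at login, never by the client
    is_root_admin: bool = False

def new_store():
    # Constructed sample data: sticker_id -> owning company and status.
    return {
        10: {"company_id": 1, "status": "A"},
        20: {"company_id": 2, "status": "A"},
    }

def update_sticker_vulnerable(store, session, params):
    """'Before' form: ownership is compared with the request's own company_id."""
    sticker = store[int(params["sticker_id"])]
    if sticker["company_id"] == int(params["company_id"]):  # client-controlled
        sticker["status"] = params["status"]
    return sticker["status"]

def update_sticker_hardened(store, session, params):
    """'After' form: authorization is decided from server-side state only."""
    if params.get("status") not in ("A", "D"):
        raise ValueError("invalid status")
    try:
        sticker = store[int(params["sticker_id"])]
    except (KeyError, ValueError, TypeError):
        raise Forbidden("unknown sticker") from None
    if not session.is_root_admin:
        # Ownership is checked against the session's company, not the request's.
        if sticker["company_id"] != session.company_id:
            raise Forbidden("sticker belongs to another company")
        # A supplied company_id that disagrees with the session is rejected,
        # so tampering fails loudly and can be logged.
        claimed = params.get("company_id")
        if claimed is not None and str(claimed) != str(session.company_id):
            raise Forbidden("company_id mismatch")
    sticker["status"] = params["status"]
    return sticker["status"]
```
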

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-50849

Affected Products: Cs-Cart