Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).
References
Link | Resource |
---|---|
https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md | Exploit Third Party Advisory |
https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md | Exploit Third Party Advisory |
Configurations
History
03 Jun 2025, 14:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Webidsupport
Webidsupport webid |
|
CPE | cpe:2.3:a:webidsupport:webid:1.2.1:*:*:*:*:*:*:* | |
References | () https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md - Exploit, Third Party Advisory |
21 Nov 2024, 09:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md - |
01 Aug 2024, 13:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
Summary |
|
19 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-19 14:15
Updated : 2025-06-03 14:02
NVD link : CVE-2024-32166
Mitre link : CVE-2024-32166
CVE.ORG link : CVE-2024-32166
JSON object : View
Products Affected
webidsupport
- webid
CWE
CWE-639
Authorization Bypass Through User-Controlled Key