CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).

Published: Apr 19, 2024
Updated: Jun 4, 2025
CVE: CVE-2024-32166
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
webidsupport / webid	1.2.1	1.2.1.x

https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md

Vulnerability Database

CVE-2024-32166