Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2025-50849

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.

Published: Jul 31, 2025
Updated: Aug 1, 2025
CVE: CVE-2025-50849
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

http://cs.com
https://github.com/hackerwahab/CS-Cart-Vulns/blob/main/CVE-2025-50849.md

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo