CVE Catalog

CVE-2026-48868

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile - higher than 19% of all known CVEs

Summary

Versions of Simple Shopping Cart <= 5.2.9 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

Risk Assessment

Organizations may be exposed to unauthorized access to user data or other sensitive information, potentially leading to loss of customer trust and financial losses.

Recommendation

It is recommended to upgrade to the latest version of Simple Shopping Cart to mitigate this vulnerability and implement proper authorization mechanisms for all object references.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS