CVE Catalog
CVE-2026-48868
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.28%
19th percentile - higher than 19% of all known CVEs
Summary
Versions of Simple Shopping Cart <= 5.2.9 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.
Risk Assessment
Organizations may be exposed to unauthorized access to user data or other sensitive information, potentially leading to loss of customer trust and financial losses.
Recommendation
It is recommended to upgrade to the latest version of Simple Shopping Cart to mitigate this vulnerability and implement proper authorization mechanisms for all object references.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

