Vulnerabilities > Geeeeeeeek > Java Shop

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-50651 Authorization Bypass Through User-Controlled Key vulnerability in Geeeeeeeek Java Shop 1.0
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
network
low complexity
geeeeeeeek CWE-639
6.5
6.5
2024-11-15 CVE-2024-50652 Unrestricted Upload of File with Dangerous Type vulnerability in Geeeeeeeek Java Shop 1.0
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.
network
low complexity
geeeeeeeek CWE-434
4.3
4.3