# CVE-2024-50944

# Description

SimplCommerce is affected by an integer overflow vulnerability in the cart logic, allowing manipulation of product quantities and total prices via crafted quantity parameters.

# Detection Method

An attacker can detect this vulnerability by adding a product to the cart with a quantity of 2,147,483,647 and then adding one more. If the quantity and total price turn negative, it confirms that the site is vulnerable to integer overflow.

# Tested on

230310c8d7a0408569b292c5a805c459d47a1d8f commit

# Links

- https://www.simplcommerce.com/
- https://github.com/simplcommerce/SimplCommerce
- https://github.com/simplcommerce/SimplCommerce/issues/1110

# Disclosure Timeline

- **October 2, 2024**: Vulnerability discovered and reported to SimplCommerce.
- **October 8, 2024**: Follow-up email sent to the vendor.
- **October 11, 2024**: CVE ID request submitted to MITRE.
- **October 15, 2024**: Vendor replied to the initial report.
- **November 14, 2024**: CVE ID assigned by MITRE.
- **December 21, 2024**: Affected versions patched by the vendor.
- **December 24, 2024**: Public disclosure of the vulnerability.

# Credits

Abdullah Almutawa
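The wraparound described under Detection Method, shown next to a hardened quantity update. This is an added example, not SimplCommerce's code or the vendor's patch; `CartLine`, `AddUnchecked`, `TryAdd` and the `MaxQuantityPerLine` limit of 1000 are hypothetical names and values chosen for illustration.

```csharp
using System;

// Hypothetical cart line; not SimplCommerce's own model.
public sealed class CartLine
{
    public const int MaxQuantityPerLine = 1000; // assumed business limit

    public decimal UnitPrice { get; }
    public int Quantity { get; private set; }
    public decimal Total => UnitPrice * Quantity;

    public CartLine(decimal unitPrice) => UnitPrice = unitPrice;

    // Weak form: C# int arithmetic is unchecked by default, so the sum wraps silently.
    public void AddUnchecked(int amount) => Quantity += amount;

    // Hardened form: reject non-positive input, detect overflow, enforce a ceiling.
    public bool TryAdd(int amount)
    {
        if (amount <= 0) return false;
        try
        {
            int updated = checked(Quantity + amount); // throws instead of wrapping
            if (updated > MaxQuantityPerLine) return false;
            Quantity = updated;
            return true;
        }
        catch (OverflowException)
        {
            return false; // cart state is left unchanged
        }
    }
}

public static class Program
{
    public static void Main()
    {
        var weak = new CartLine(19.99m);
        weak.AddUnchecked(int.MaxValue);
        weak.AddUnchecked(1); // wraps to int.MinValue, so Total becomes negative
        Console.WriteLine($"weak: quantity={weak.Quantity}, total={weak.Total}");

        var hardened = new CartLine(19.99m);
        hardened.TryAdd(MaxOk());
        Console.WriteLine($"hardened rejects int.MaxValue: {!hardened.TryAdd(int.MaxValue)}");
        Console.WriteLine($"hardened: quantity={hardened.Quantity}, total={hardened.Total}");
    }

    private static int MaxOk() => 3; // constructed sample quantity
}
```

The same validation belongs on the server side of every endpoint that changes a cart quantity, since the overflow is reached through the request parameter rather than the UI.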