CVE-2024-50647
📋 TL;DR
CVE-2024-50647 is an authorization bypass vulnerability in python_food ordering system V1.0 that allows attackers to access sensitive user information by manipulating ID parameters in API requests. This affects all deployments of python_food V1.0 that expose the vulnerable API endpoint. Attackers can enumerate user data without authentication by simply changing ID values in requests.
💻 Affected Systems
- python_food ordering system
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all user data including personal information, payment details, and credentials, leading to identity theft, financial fraud, and regulatory violations.
Likely Case
Exfiltration of user profiles, contact information, and potentially order history, enabling targeted phishing attacks and privacy violations.
If Mitigated
Limited exposure of non-sensitive user data if proper input validation and authorization checks are implemented.
🎯 Exploit Status
Exploitation requires only HTTP requests with modified ID parameters. Public GitHub repositories contain demonstration code and details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Check project repositories for updates or implement workarounds.
🔧 Temporary Workarounds
API Endpoint Access Control
allImplement proper authorization checks before returning user information. Verify the requesting user has permission to access the requested user's data.
Web Application Firewall Rule
allBlock requests with suspicious ID parameter patterns or implement rate limiting on the vulnerable endpoint.
🧯 If You Can't Patch
- Restrict network access to the API endpoint using firewall rules to only allow trusted sources.
- Implement application-level input validation to reject non-numeric or out-of-range ID values.
🔍 How to Verify
Check if Vulnerable:
Send HTTP GET request to /api/myapp/index/user/info?id=1 and then try id=2, id=3, etc. If different user data is returned without authentication, the system is vulnerable.Check Version:
Check application configuration files or documentation for version information. No standard command available.Verify Fix Applied:
After implementing controls, test that requests with different ID values either return 403/401 errors or only return data for the authenticated user's own ID.📡 Detection & Monitoring
Log Indicators:
- Multiple sequential requests to /api/myapp/index/user/info with incrementing ID parameters
- Requests from single IP with different ID values in short timeframes
Network Indicators:
- HTTP GET requests to the vulnerable endpoint with numeric ID parameters
- Unusual data volume from the user info endpoint
SIEM Query:
source="web_server" AND uri_path="/api/myapp/index/user/info" AND uri_query="id=*" | stats count by src_ip, uri_query