Submission #844355: SourceCodester Simple Food Ordering System 1.0 Business Logic Errors

Information

Title: SourceCodester Simple Food Ordering System 1.0 Business Logic Errors
Description: The Simple Food Ordering System contains a business logic vulnerability in its shopping cart functionality. The application accepts user-controlled input via the item_price parameter and uses this value directly for cart calculations and order processing without validating it against the actual product price stored in the database. An attacker can intercept the add-to-cart request and modify the item_price parameter to an arbitrary value, including zero or negative numbers. As a result, products can be added to the cart and purchased at attacker-controlled prices, leading to unauthorized discounts, free purchases, negative order totals, and manipulation of order records stored in the database.
Source: https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md
User: Anonymous User
Submitted: 31/05/2026 08:13 PM (1 month ago)
Moderation: 28/06/2026 08:39 PM (28 days later)
Status: Approved
VulDB Entry: 374579 [SourceCodester Simple Food Ordering System 1.0 /cart.php item_price]
Points: 20
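As an added illustration of the flaw described above (not code from the project or from the submitter; the project itself is PHP, this is a Python model with a constructed product catalogue and constructed request parameters), the vulnerable add-to-cart handler that trusts item_price beside a hardened one that re-reads the stored price, plus a check that flags client-supplied prices that do not match the catalogue:

```python
# Added example (not the project's code): models the cart.php price-handling
# flaw. PRODUCTS is a constructed stand-in for the products table; the
# params dicts are constructed stand-ins for the add-to-cart POST parameters.
from decimal import Decimal, InvalidOperation

PRODUCTS = {  # constructed sample catalogue: product id -> stored price
    1: {"name": "Burger", "price": Decimal("5.50")},
    2: {"name": "Fries", "price": Decimal("2.25")},
}


def add_to_cart_vulnerable(cart, params):
    """Trusts the client-supplied item_price, as the advisory describes."""
    pid = int(params["item_id"])
    qty = int(params["quantity"])
    price = Decimal(params["item_price"])  # attacker-controlled value
    cart.append({"item_id": pid, "quantity": qty, "price": price})
    return cart


def add_to_cart_hardened(cart, params):
    """Discards any client-supplied price and re-reads it from the catalogue."""
    try:
        pid = int(params["item_id"])
        qty = int(params["quantity"])
    except (KeyError, ValueError):
        raise ValueError("malformed request")
    if qty <= 0:
        raise ValueError("quantity must be positive")
    product = PRODUCTS.get(pid)
    if product is None:
        raise ValueError("unknown product")
    # The stored price is the only source of truth; item_price is ignored.
    cart.append({"item_id": pid, "quantity": qty, "price": product["price"]})
    return cart


def client_price_mismatch(params):
    """Detection aid: True when the client sent a price that is absent from,
    differs from, or cannot be matched to the catalogue (worth logging)."""
    try:
        product = PRODUCTS[int(params["item_id"])]
        return Decimal(params["item_price"]) != product["price"]
    except (KeyError, ValueError, TypeError, InvalidOperation):
        return True


def order_total(cart):
    """Sum of line totals; never zero or negative for a non-empty hardened cart."""
    return sum(line["quantity"] * line["price"] for line in cart)
```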
