| Titel | Smartstore AG Smartstore 6.2.0 Race Condition |
|---|
| Beschreibung | A race condition vulnerability was discovered in the gift voucher redemption process of smartstore/Smartstore. The flaw allows multiple distinct users or guests to redeem the same voucher concurrently via /checkout/confirm/. This can enable attackers with guest sessions or multiple accounts to redeem a single voucher multiple times across different accounts, potentially resulting in unauthorized financial gain. |
|---|
| Benutzer | kkc73 (UID 89422) |
|---|
| Einreichung | 24.08.2025 08:44 (vor 10 Monaten) |
|---|
| Moderieren | 21.09.2025 10:48 (28 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 325134 [Smartstore bis 6.2.0 Gift Voucher /checkout/confirm/ Race Condition] |
|---|
| Punkte | 16 |
|---|