| Título | Smartstore AG Smartstore 6.2.0 Race Condition |
|---|
| Descripción | A race condition vulnerability was discovered in the gift voucher redemption process of smartstore/Smartstore. The flaw allows multiple distinct users or guests to redeem the same voucher concurrently via /checkout/confirm/. This can enable attackers with guest sessions or multiple accounts to redeem a single voucher multiple times across different accounts, potentially resulting in unauthorized financial gain. |
|---|
| Usuario | kkc73 (UID 89422) |
|---|
| Sumisión | 2025-08-24 08:44 (hace 10 meses) |
|---|
| Moderación | 2025-09-21 10:48 (28 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 325134 [Smartstore hasta 6.2.0 Gift Voucher /checkout/confirm/ condición de carrera] |
|---|
| Puntos | 16 |
|---|