| Field | Value |
|---|---|
| Title | Bdtask Isshue - Multi Store eCommerce Shopping Cart Solution With POS v5 Business Logic Flaw |
| Description | The server's checkout logic improperly trusts price-related fields (order_total_amount, cart_total_amount) sent by the client in the POST request. Instead of authoritatively calculating the order total from trusted server-side data (such as product prices stored in the database), the application accepts the client-supplied values. This critical flaw enables an attacker to submit a manipulated, lower price at checkout and have it processed as valid. |
| Source | https://github.com/4m3rr0r/PoCVulDb/issues/7 |
| User | 4m3rr0r (UID 85795) |
| Submission | 31/10/2025 20:07 (8 months ago) |
| Moderation | 15/11/2025 07:34 (14 days later) |
| Status | Accepted |
| VulDB Entry | 332565 [Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution /submit_checkout privilege escalation] |
| Points | 20 |
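The flaw described in the submission, as an added example in Python that is not code from Bdtask Isshue or from the submitter: a checkout handler that charges whatever `order_total_amount` the client posted, next to a hardened handler that recomputes the total from server-side catalogue prices and rejects the request when the client's figure disagrees. Only the field names `order_total_amount` and `cart_total_amount` and the `/submit_checkout` endpoint come from the submission; the catalogue, the cart shape (product id and quantity only, never a price), the function names and the sample POST bodies are constructed for this example, and the real application is PHP rather than Python.

```python
"""Client-trusted vs server-computed checkout totals (constructed example).

Not code from Bdtask Isshue. The POST field names order_total_amount and
cart_total_amount are taken from the advisory; the catalogue, cart layout
and function names are assumptions made for this illustration.
"""
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Constructed catalogue standing in for the server-side product table.
CATALOGUE = {
    "SKU-100": Decimal("49.90"),
    "SKU-200": Decimal("15.00"),
}


def money(value) -> Decimal:
    """Parse an amount into a two-decimal Decimal; reject garbage and negatives."""
    try:
        amount = Decimal(str(value))
    except (InvalidOperation, ValueError):
        raise ValueError(f"invalid amount: {value!r}")
    if amount < 0 or not amount.is_finite():
        raise ValueError(f"unacceptable amount: {value!r}")
    return amount.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def checkout_vulnerable(post: dict) -> Decimal:
    """Mirrors the reported flaw: the amount charged is whatever the client sent
    in order_total_amount on POST /submit_checkout. cart_total_amount is trusted
    the same way; neither is checked against stored prices."""
    return money(post["order_total_amount"])


def server_total(cart: list) -> Decimal:
    """Authoritative total: catalogue price times a positive integer quantity.
    The cart (from the server session) carries product ids and quantities only."""
    total = Decimal("0.00")
    for line in cart:
        price = CATALOGUE[line["product_id"]]  # KeyError on an unknown product
        qty = int(line["qty"])
        if qty <= 0:
            raise ValueError(f"quantity must be positive: {qty}")
        total += price * qty
    return money(total)


def checkout_hardened(post: dict, cart: list):
    """Recompute the total server-side and use it for the charge.

    The client-sent order_total_amount is never used as the price. It is
    compared to the recomputed figure only as a consistency check: a mismatch
    means a stale cart or tampering, and the order is rejected either way.
    Returns (accepted, server_total); cart_total_amount is ignored entirely.
    """
    expected = server_total(cart)
    claimed = post.get("order_total_amount")
    if claimed is not None:
        try:
            if money(claimed) != expected:
                return False, expected
        except ValueError:
            return False, expected
    return True, expected


if __name__ == "__main__":
    # Constructed session cart: 2 x SKU-100 and 1 x SKU-200 = 114.80
    cart = [{"product_id": "SKU-100", "qty": 2},
            {"product_id": "SKU-200", "qty": 1}]
    # Constructed tampered POST body: price fields rewritten in transit.
    tampered = {"order_total_amount": "1.00", "cart_total_amount": "1.00"}
    print("vulnerable charges:", checkout_vulnerable(tampered))
    print("hardened result:   ", checkout_hardened(tampered, cart))
```

Logging the rejected `(claimed, expected)` pair from the hardened path gives a direct detection signal for this class of attack; a legitimate client never produces a mismatch unless the cart changed between page render and submit, so a burst of mismatches from one account or IP is worth alerting on.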