Invia #844355: SourceCodester Simple Food Ordering System 1.0 Business Logic Errorsinformazioni

TitoloSourceCodester Simple Food Ordering System 1.0 Business Logic Errors
DescrizioneThe Simple Food Ordering System contains a business logic vulnerability in its shopping cart functionality. The application accepts user-controlled input via the item_price parameter and uses this value directly for cart calculations and order processing without validating it against the actual product price stored in the database. An attacker can intercept the add-to-cart request and modify the item_price parameter to an arbitrary value, including zero or negative numbers. As a result, products can be added to the cart and purchased at attacker-controlled prices, leading to unauthorized discounts, free purchases, negative order totals, and manipulation of order records stored in the database.
Fonte⚠️ https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md
Utente
 Anonymous User
Sottomissione31/05/2026 20:13 (1 mese fa)
Moderazione28/06/2026 20:39 (28 days later)
StatoAccettato
Voce VulDB374579 [SourceCodester Simple Food Ordering System 1.0 /cart.php item_price]
Punti20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!