提出 #844355: SourceCodester Simple Food Ordering System 1.0 Business Logic Errors情報

タイトルSourceCodester Simple Food Ordering System 1.0 Business Logic Errors
説明The Simple Food Ordering System contains a business logic vulnerability in its shopping cart functionality. The application accepts user-controlled input via the item_price parameter and uses this value directly for cart calculations and order processing without validating it against the actual product price stored in the database. An attacker can intercept the add-to-cart request and modify the item_price parameter to an arbitrary value, including zero or negative numbers. As a result, products can be added to the cart and purchased at attacker-controlled prices, leading to unauthorized discounts, free purchases, negative order totals, and manipulation of order records stored in the database.
ソース⚠️ https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md
ユーザー
 Anonymous User
送信2026年05月31日 20:13 (1 月 ago)
モデレーション2026年06月28日 20:39 (28 days later)
ステータス承諾済み
VulDBエントリ374579 [SourceCodester Simple Food Ordering System 1.0 /cart.php item_price]
ポイント20

Might our Artificial Intelligence support you?

Check our Alexa App!