| 제목 | SourceCodester Online Food Ordering System 1.0 Business Logic Errors |
|---|
| 설명 | A business logic vulnerability exists in Online Food Ordering System 1.0. The issue is found in the save_product action of the file Actions.php. The application fails to validate the 'price' POST parameter, allowing an authenticated attacker to set negative values for product prices. This results in the corruption of financial calculations during the ordering and checkout process. |
|---|
| 원천 | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.md |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2026. 03. 25. AM 03:13 (16 날 ago) |
|---|
| 모더레이션 | 2026. 04. 08. PM 05:20 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 356259 [SourceCodester Online Food Ordering System 1.0 POST Parameter /Actions.php save_product price] |
|---|
| 포인트들 | 20 |
|---|