Submeter #787678: SourceCodester Online Food Ordering System 1.0 Business Logic Errorsinformação

TítuloSourceCodester Online Food Ordering System 1.0 Business Logic Errors
DescriçãoA business logic vulnerability exists in Online Food Ordering System 1.0. The issue is found in the save_product action of the file Actions.php. The application fails to validate the 'price' POST parameter, allowing an authenticated attacker to set negative values for product prices. This results in the corruption of financial calculations during the ordering and checkout process.
Fonte⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/BusinessLogic-Product-NegativePrice.md
Utilizador
 Anonymous User
Submissão25/03/2026 03h13 (há 15 dias)
Moderação08/04/2026 17h20 (15 days later)
EstadoAceite
Entrada VulDB356259 [SourceCodester Online Food Ordering System 1.0 POST Parameter /Actions.php save_product price]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!