| Название | SourceCodester Simple Food Ordering System 1.0 Business Logic Errors |
|---|
| Описание | The Simple Food Ordering System contains a business logic vulnerability in its shopping cart functionality. The application accepts user-controlled input via the item_price parameter and uses this value directly for cart calculations and order processing without validating it against the actual product price stored in the database. An attacker can intercept the add-to-cart request and modify the item_price parameter to an arbitrary value, including zero or negative numbers. As a result, products can be added to the cart and purchased at attacker-controlled prices, leading to unauthorized discounts, free purchases, negative order totals, and manipulation of order records stored in the database. |
|---|
| Источник | ⚠️ https://github.com/ogh-bnz/Simple-Food-Ordering-System/blob/main/Simple-Food-Ordering-System-Price-Manipulation.md |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 31.05.2026 20:13 (29 дни назад) |
|---|
| Модерация | 28.06.2026 20:39 (28 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 374579 [SourceCodester Simple Food Ordering System 1.0 /cart.php item_price] |
|---|
| Баллы | 20 |
|---|