| Title | Smartstore AG Smartstore 6.2.0 Race Condition |
|---|
| Description | A race condition vulnerability was discovered in the gift voucher redemption process of smartstore/Smartstore. The flaw allows multiple distinct users or guests to redeem the same voucher concurrently via /checkout/confirm/. This can enable attackers with guest sessions or multiple accounts to redeem a single voucher multiple times across different accounts, potentially resulting in unauthorized financial gain. |
|---|
| User | kkc73 (UID 89422) |
|---|
| Submission | 08/24/2025 08:44 (10 months ago) |
|---|
| Moderation | 09/21/2025 10:48 (28 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325134 [Smartstore up to 6.2.0 Gift Voucher /checkout/confirm/ race condition] |
|---|
| Points | 16 |
|---|