| Title | Bdtask Isshue - Multi Store eCommerce Shopping Cart Solution With POS v5 Business Logic Flaw |
|---|---|
| Description | The server's checkout logic improperly trusts price-related fields (order_total_amount, cart_total_amount) sent by the client in the POST request. Instead of authoritatively calculating the order total from trusted server-side data (such as product prices stored in the database), the application accepts the client-supplied values. This critical flaw enables an attacker to submit a manipulated, lower price at checkout and have it processed as valid. |
| Source | ⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/7 |
| User | 4m3rr0r (UID 85795) |
| Submission | 10/31/2025 20:07 (8 months ago) |
| Moderation | 11/15/2025 07:34 (14 days later) |
| Status | Accepted |
| VulDB entry | 332565 [Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution /submit_checkout behavioral workflow] |
| Points | 20 |