Submit #826530: SourceCodester (razormist) Customer Review App Using Tkinter in Python 1.0 otherinfo

TitleSourceCodester (razormist) Customer Review App Using Tkinter in Python 1.0 other
DescriptionA vulnerability was found in SourceCodester Customer Review App Using Tkinter in Python 1.0. The affected functions add_review() and save_review() in review_app.py do not perform any input validation on the name and comment parameters before writing them to the local file reviews.json. Manipulation of these arguments with excessively large input allows a local attacker to cause unbounded disk usage (Denial of Service). Additionally, a bare except clause in get_all_reviews() silently suppresses all file read errors, causing silent data loss with no user notification.
Source⚠️ https://pastebin.com/Ud5vaGp6
User
 ameenkbrd (UID 98192)
Submission05/12/2026 10:02 (2 months ago)
Moderation05/31/2026 19:58 (19 days later)
StatusAccepted
VulDB entry367588 [SourceCodester Customer Review App 1.0 review_app.py add_review/save_review/get_all_reviews name/comment denial of service]
Points17

Interested in the pricing of exploits?

See the underground prices here!