Business Logic Errors in microweber/microweber
Moderate severity
GitHub Reviewed
Published
Dec 15, 2023
to the GitHub Advisory Database
•
Updated Dec 21, 2023
Description
Published by the National Vulnerability Database
Dec 15, 2023
Published to the GitHub Advisory Database
Dec 15, 2023
Reviewed
Dec 15, 2023
Last updated
Dec 21, 2023
A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.
References