CVE-2023-6832

MEDIUM6.0EPSS 0.14%

Business Logic Errors in microweber/microweber

Published: 12/15/2023Modified: 11/29/2024

Description

A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.

Affected packages (1)

Packagist/microweber/microweberfrom 0, < 2.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.0	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-6832
PATCHhttps://github.com/microweber/microweber
WEBhttps://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee
WEBhttps://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376