CVE-2023-6832

MEDIUM 6.0 | EPSS 0.14%

Business Logic Errors in microweber/microweber

Published: 2023/12/15 | Modified: 2024/11/29

Description

A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.

Affected packages (1)

CVSS score

Source: osv
Version: CVSS 3.1
Severity: MEDIUM 6.0
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

References (4)