Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrDev6968AFC8981-BAFF-4082-B640-BE535B29EB9A
HistoryDec 10, 2021 - 7:05 p.m.

Business Logic Errors in yetiforcecompany/yetiforcecrm

2021-12-1019:05:40
dev696
www.huntr.dev
13
business logic errors
application security
proof of concept
bug bounty

EPSS

0.001

Percentile

21.0%

JSON

Description

The application is vulnerable to Business Logic error through negative product amount.

Proof of Concept

Step 1: Login into the application https://gitstable.yetiforce.com/index.php

Step 2: Navigate to Database -> Product -> Edit any product.

Step 3: Now enter a negative amount in Unit Price field and click on save. Here a product is added with a negative amount.

Related

osv 2
cve 1
nvd 1
cvelist 1
veracode 1
prion 1
github 1
osv
osv
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
2021-12-16 21:01:15
CVE-2021-4111
2021-12-15 09:15:06
cve
cve
CVE-2021-4111
2021-12-15 09:15:06
nvd
nvd
CVE-2021-4111
2021-12-15 09:15:06
cvelist
cvelist
CVE-2021-4111 Business Logic Errors in yetiforcecompany/yetiforcecrm
2021-12-15 08:55:11
veracode
veracode
Denial Of Service (DoS)
2021-12-16 05:55:46
prion
prion
Code injection
2021-12-15 09:15:00
github
github
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
2021-12-16 21:01:15

EPSS

0.001

Percentile

21.0%

JSON
Related for 8AFC8981-BAFF-4082-B640-BE535B29EB9A
osv2cve1nvd1cvelist1veracode1prion1github1