Design/Logic Flaw

2017-01-2321:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.4%

JSON

B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to “corrupt the business logic” via a negative value in an overdraft.

CPENameOperatorVersion
c2boxle4.0.0

CPE	Name	Operator	Version
	c2box	le	4.0.0

References

packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html