AWS VDP: Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on ██████████

A vulnerability was found in the coupon code system of the ██████████ online store. The coupon code for free shipping could be used multiple times on any number of orders without any restrictions or tracking. This allowed users to bypass shipping charges indefinitely, resulting in a direct...

PT-2024-34381 · Crmeb · Crmeb

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.4.0 Description: The issue allows users to bypass the front-end restriction of only being able to claim coupons once. This can be achieved by capturing packets and sending a large number of data packets for coupon...