CVE-2018-16157
The CVE-2018-16157 entry describes a logic flaw in waimai Super Cms 20150505 where attackers can modify the price before form submission by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart can be sold for free. The available...