8 matches found
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
EUVD-2026-16708
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...
LPDA sales can potentially have buying function reverting indefinitely due to negative price
Lines of code Vulnerability details Impact While I'm assuming there are checks for this on UI or off-chain, this wasn't mentioned in the docs or the comments, so it's worth flagging and possibly implementing the mitigation step as a precaution since it is also cheap on gas. The price can...
PRICE's getCurrentPrice() can return zero price
Lines of code Vulnerability details Currently no price validity check is performed in getCurrentPrice. This way zero ohmEthPriceFeed.latestRoundData produced prices will yield zero getCurrentPrice which will be passed over to the logic. Also, negative OHM price or zero / negative reserve...
Unsafe _price cast
Lines of code Vulnerability details Impact The price provided by Chainlink AggregatorV3 could be negative; if that happened, the cast of the price goes high, for example, cast -1 to uint256 was 2^256 - 1 Proof of Concept return uint256(price).adjustDecimals(feedDecimals, decimals); Tools Used Manual...
Business Logic Errors
pimcore/pimcore is vulnerable to business logic errors. An attacker can exploit this flaw by providing a negative price amount to the actionCartDiscount function in pricing/config/item.js file as it does not properly check user input negative price amounts...
Business Logic Errors in microweber/microweber
Description A fixed price coupon can be applied to get negative price for a product Proof of Concept 1: Create a fixed coupon Example: $200 coupon, $300 minimum 2: Add two products into the cart Example $50 + $300 3: Apply the fixed coupon. 4: Remove the $300 product. Observe that the price is no...
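YXcms1.2.7: inflating the account prepaid deposit balance
Brief description: YXcms1.2.7 inflating the account prepaid deposit balance. Details: The problem is in protested/apps/member/controller/shopcarController.php, which only checks that the quantity cannot be negative but does not check that the price cannot be negative. Visiting the link http://127.0.0.1/YXcmsApp1.2.7/index.php?r=member/shopcar/caradd post: 'code' = int 1 'name' = int 1 'price' = float -100 'num' = int 1 puts an item with a negative price into the shopping cart. Generating the order and then paying for it inflates the balance...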