Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.5 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.10 views

SourceCodester Pharmacy Product Management System 安全漏洞

SourceCodester Pharmacy Product Management System is an open-source medication management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Product Management System contains a security vulnerability. This vulnerability arises from the fact that the add-sales.php file...

7.5CVSS5.8AI score0.0025EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 12:0 a.m.11 views

CVE-2026-30573

The CVE-2026-30573 affects SourceCodester Pharmacy Product Management System 1.0. A business logic flaw in add-sales.php allows negative values for txtprice and txttotalcost, skipping input validation. This can produce incorrect financial calculations, corrupt sales reports, and potential financi...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/27 6:31 p.m.4 views

EUVD-2026-16708

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...

7.5CVSS5.8AI score0.00256EPSS
Exploits1References2
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.9 views

LPDA sales can potentially have buying function reverting indefinately due to negative price

Lines of code Vulnerability details Impact While i'm assuming there are checks for this on UI or off-chain, this wasn't mentioned in the docs or the comments, so its worth flagging and possibly implementating the mitigation step as a precaution since it is also cheap on gas. The price can...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/01 12:0 a.m.16 views

PRICE's getCurrentPrice() can return zero price

Lines of code Vulnerability details Currently no price validity check is performed in getCurrentPrice. This way zero ohmEthPriceFeed.latestRoundData produced prices will yield zero getCurrentPrice which will be passed over to the logic. Also, negative OHM price or zero / negative reserve...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.7 views

Unsafe _price cast

Lines of code Vulnerability details Impact The price provided by chainlink AggregatorV3 could be a negative, if that happend the cast of the price goes high, in example, cast -1 to uint256 was 2256 - 1 Proof of Concept return uint256price.adjustDecimalsfeedDecimals, decimals; Tools Used Manual...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/02 12:0 a.m.16 views

Malicious user can indefinitely freeze the funds of another user

Lines of code Vulnerability details Impact By design, a user's cooldown period is extended if they receive a transfer of hPal. The cooldown is extended based on the weight of the receiver's original balance and cooldown period compared to the sent amount and sender's cooldown period. Due to this...

6.7AI score
Exploits0
Veracode
Veracode
added 2022/01/19 5:36 a.m.26 views

Business Logic Errors

pimcore/pimcore is vulnerable to business logic errors. An attacker can exploit this flaw by providing a negative price amount to the actionCartDiscount function in pricing/config/item.js file as it does not properly check user input negative price amounts...

4.3CVSS4.5AI score0.008EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/01/12 10:54 p.m.16 views

GHSA-8QVX-F5GF-G43V Logic error in dolibarr

The application does not check the input of price number lead to Business Logic error through negative price amount...

4.3CVSS4.4AI score0.00851EPSS
Exploits1References4
Veracode
Veracode
added 2022/01/11 5:7 a.m.11 views

Business Logic Errors

dolibarr/dolibarr is vulnerable to business logic errors. An attacker can exploit this flaw by providing a negative price amount to the create function in don.class.php as it does not properly check user input negative price amounts...

4.3CVSS4.8AI score0.00851EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2021/10/22 2:25 p.m.9 views

Business Logic Errors in microweber/microweber

Description A fixed price coupon can be applied to get negative price for a product Proof of Concept 1: Create a fixed coupon Example: $200 coupon, $300 minimum 2: Add two products into the cart Example $50 + $300 3: Apply the fixed coupon. 4: Remove the $300 product. Observe that the price is no...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2015/03/20 12:0 a.m.24 views

YXcms1.2.7 刷账户预存款余额

简要描述: YXcms1.2.7 刷账户预存款余额 详细说明: 问题存在于protested/apps/member/controller/shopcarController.php 只判断了数目不能为负,但没有判断价格不能为负。 访问链接http://127.0.0.1/YXcmsApp1.2.7/index.php?r=member/shopcar/caradd post: 'code' = int 1 'name' = int 1 'price' = float -100 'num' = int 1 就向购物车里塞了一个负数价格的商品。 生成订单然后支付,就可以刷余额了。...

7.1AI score
Exploits0
Rows per page
Query Builder