18 matches found
CVE-2018-19319
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin=gifts=update to change goods prices with the super administrator's privileges...
EUVD-2018-11017
Malware in sbrugna...
EUVD-2021-34206
Malicious code in bioql PyPI...
EUVD-2021-34203
Malicious code in bioql PyPI...
CVE-2021-4376
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value...
CVE-2023-23976 WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2...
CVE-2023-23976 WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2...
Reentrancy issue. User can easily mint more than allowed presale, bypassing merkle root limit
Lines of code Vulnerability details Impact Lack of reentrancy protection and code not follow Checks, Effects, Interactions pattern guideline. Here are the Effects stuff happen after Interactions affected by reentrancy: tokensMintedAllowlistAddress: tracking presale minted NFT per address...
Authorization
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value...
No minOutAmount amount checks when buying
Lines of code Vulnerability details The tokenOutPrice can be changed with the setTokenOutPrice even if the sale is already running. Users might accept the current token price, send a purchase transaction, and before it is mined the token price can be un-intentionally changed. The user might recei...
Router would fail when adding liquidity to index Pool
Handle broccoli Vulnerability details Impact TridentRouter is easy to fail when trying to provide liquidity to an index pool. Users would not get extra lp if they are not providing lp at the pool's spot price. It's the same design as uniswap v2. However, uniswap's v2 handle's the dirty part...
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...
WordPress WooCommerce Multi Currency - Currency Switcher premium plugin <= 2.1.17 - Authenticated Product Price Change vulnerability
Authenticated Product Price Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Multi Currency - Currency Switcher premium plugin versions = 2.1.17. Solution Update the WordPress WooCommerce Multi Currency - Currency Switcher premium plugin to the latest availab...
WooCommerce Multi Currency < 2.1.18 - Authenticated Product Price Change
The plugin was vulnerable to Authenticated Product Price Change, which could allow customers to change the price of all products...
distributePriceChange might revert
Handle gpersoon Vulnerability details Impact The function distributePriceChange includes the following statement: lastGvtAssets = gvtAssets.addcurrentTotalAssets.subtotalAssets; If you look at this: lastGvtAssets = gvtAssets.addcurrentTotalAssets.subgvtAssets.addpwrdAssets; lastGvtAssets =...
CVE-2018-19319
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges...
OLX: I found a way to instantly take over ads by other users and change them (IDOR)
A local LetGo webpage was vulnerable to Insecure Data Object Reference issue which could have lead to ad hijack or settings change price, description, location. @kciredor discovered this vulnerability and notified us about this. We would like to thank you for this report. Please do not hesitate t...
CVE-2006-5246
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information...