Veracode Vulnerability Database, VERACODE:44597
History: Dec 07, 2023 - 12:39 p.m.

Business Logic Errors

2023-12-07 12:39:39
sca.analysiscenter.veracode.com
Tags: microweber, vulnerability, business logic, software, security, check, content items, checkout

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 7 High (Confidence: High)

EPSS: 0.0005 Low (Percentile: 16.1%)

microweber is vulnerable to Business Logic Errors. The get function in CartManager.php does not check whether content items are unpublished or deleted before they are processed for checkout.
