An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xamZ4LWZ2eDctM3d2d84AA3yi

Moderate | EPSS: 0.00108% (0.30258 Percentile)

Business Logic Errors in microweber/microweber

Affected package: packagist:microweber/microweber
Affected versions: < 2.0.0
Fixed versions: 2.0.0
1 Dependent packages
5 Dependent repositories
13,531 Downloads total

Affected Version Ranges

All affected versions

0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, v1.2.3, v1.2.4, v1.2.5, v1.2.6, v1.2.7, v1.2.8, v1.2.9, v1.2.10, v1.2.11, v1.2.12, v1.2.13, v1.2.14, v1.2.15, v1.2.16, v1.2.17, v1.2.18, v1.2.19, v1.2.20, v1.2.21, v1.3.0, v1.3.1, v1.3.2, v1.3.3, v1.3.4

All unaffected versions

v2.0.0, v2.0.1, v2.0.2, v2.0.3, v2.0.4, v2.0.5, v2.0.6, v2.0.7, v2.0.8, v2.0.9, v2.0.10, v2.0.11, v2.0.12, v2.0.13, v2.0.14, v2.0.15, v2.0.16, v2.0.17, v2.0.18, v2.0.19, v2.0.20

A vulnerability has been identified in microweber, where users can purchase items with a coupon code. If the admin disables the coupon code functionality but a user sends requests to the API that handles the coupon code, the user can exploit the vulnerability to obtain items at a lower price.
