CVE-2023-6832: Business Logic Errors in microweber/microweber
First published: Fri Dec 15 2023(Updated: )
A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.
Credit: security@huntr.dev security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/microweber/microweber | <2.0.0 | 2.0.0 |
| Microweber Microweber | <2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-qjfx-fvx7-3wvw
- alias/CVE-2023-6832
- collector/nvd-cve
- collector/github-advisory
- agent/references
- agent/type
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/weakness
- agent/title
- agent/event
- agent/tags
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- vendor/microweber
- canonical/microweber microweber
- package-manager/composer