GHSA-qjfx-fvx7-3wvw

Source

https://github.com/advisories/GHSA-qjfx-fvx7-3wvw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-qjfx-fvx7-3wvw/GHSA-qjfx-fvx7-3wvw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qjfx-fvx7-3wvw

Aliases

CVE-2023-6832

Published

2023-12-15T03:30:18Z

Modified

2024-11-29T05:38:19.798384Z

Severity

6.0 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L CVSS Calculator

Summary

Business Logic Errors in microweber/microweber

Details

A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.

Database specific

{
    "nvd_published_at": "2023-12-15T01:15:08Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-15T23:19:56Z"
}

References

Affected packages

Packagist / microweber/microweber

Package

Name: microweber/microweber
Purl: pkg:composer/microweber/microweber

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0

Affected versions

0.*

0.9.346

0.93

0.931

0.934

0.951

1.*

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1

v1.*

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.20

v1.2.21

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4