Improper Validation of Integrity Check Value in microweber/microweber

Valid

Reported on

Oct 17th 2021


Description

I create a coupon only for one user and also is one-time use coupon.

then create two user and both of them can use the coupon but only one of them should able to use the coupon.

We have contacted a member of the microweber team and are waiting to hear back 2 months ago
We have contacted a member of the microweber team and are waiting to hear back 2 months ago
amammad modified their report
2 months ago
amammad
a month ago

Researcher


Hey @maintainer

Can I ask you check this report too?

Thanks a lot.

We have sent a second follow up to the microweber team. We will try again in 10 days. a month ago
We have sent a second follow up to the microweber team. We will try again in 10 days. a month ago
Peter Ivanov validated this vulnerability a month ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov confirmed that a fix has been merged on 0cbfdc a month ago
Peter Ivanov has been awarded the fix bounty
amammad
12 days ago

Researcher


Hey @maintiner

Is this problem solved now ?

I tested it again and it is still exist in demo.microweber.org