Improper Validation of Integrity Check Value in microweber/microweber

Valid

Reported on

Oct 17th 2021


Description

I create a coupon only for one user and also is one-time use coupon.

then create two user and both of them can use the coupon but only one of them should able to use the coupon.

We have contacted a member of the microweber team and are waiting to hear back a year ago
amammad modified the report
a year ago
amammad
a year ago

Researcher


Hey @maintainer

Can I ask you check this report too?

Thanks a lot.

We have sent a second follow up to the microweber team. We will try again in 10 days. a year ago
Peter Ivanov validated this vulnerability a year ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov confirmed that a fix has been merged on 0cbfdc a year ago
Peter Ivanov has been awarded the fix bounty
amammad
10 months ago

Researcher


Hey @maintiner

Is this problem solved now ?

I tested it again and it is still exist in demo.microweber.org

to join this conversation