Improper Validation of Integrity Check Value in microweber/microweber

Valid

Reported on

Oct 17th 2021

Description

I create a coupon only for one user and also is one-time use coupon.

then create two user and both of them can use the coupon but only one of them should able to use the coupon.

We have contacted a member of the microweber team and are waiting to hear back 2 years ago

amammad modified the report

2 years ago

amammad

commented 2 years ago

Researcher

Hey @maintainer

Can I ask you check this report too?

Thanks a lot.

We have sent a second follow up to the microweber team. We will try again in 10 days. 2 years ago

Peter Ivanov validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

Peter Ivanov marked this as fixed with commit 0cbfdc 2 years ago

Peter Ivanov has been awarded the fix bounty

This vulnerability will not receive a CVE

amammad

commented 2 years ago

Researcher

Hey @maintiner

Is this problem solved now ?

I tested it again and it is still exist in demo.microweber.org

to join this conversation

We have contacted a member of the microweber team and are waiting to hear back 2 years ago

amammad modified the report

2 years ago

amammad

commented 2 years ago

Researcher

Hey @maintainer

Can I ask you check this report too?

Thanks a lot.

We have sent a second follow up to the microweber team. We will try again in 10 days. 2 years ago

Peter Ivanov validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

Peter Ivanov marked this as fixed with commit 0cbfdc 2 years ago

Peter Ivanov has been awarded the fix bounty

This vulnerability will not receive a CVE

amammad

commented 2 years ago

Researcher

Hey @maintiner

Is this problem solved now ?

I tested it again and it is still exist in demo.microweber.org

to join this conversation