Business Logic Errors in pimcore/pimcore

Valid

Reported on

Dec 9th 2021


Description

The application is vulnerable to a business logic error via a negative cart amount.

Proof of Concept

Step 1: Log in to the application https://10.x-dev.pimcore.fun/admin/login?perspective=

Step 2: Navigate to Online shop -> Pricing Rules -> Voucher Discount -> Actions

Step 3: Enter a negative amount in Cart Discount and click on save.

The whole Pricing Rules module is affected.
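The following is an added illustration and not pimcore's own code: a minimal PHP model of a cart discount action that rejects a negative amount when the rule is saved and clamps the computed total at zero, shown beside the unvalidated behaviour the report describes. Class and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical, minimal model of a "Cart Discount" pricing-rule action.
final class CartDiscountAction
{
    private float $amount;

    public function __construct(float $amount)
    {
        // Hardened form: validate the admin-entered value at save time so a
        // negative "discount" can never be stored in the rule.
        if (!is_finite($amount) || $amount < 0.0) {
            throw new InvalidArgumentException(
                sprintf('Cart discount must be a non-negative amount, got %s', $amount)
            );
        }
        $this->amount = $amount;
    }

    public function apply(float $subtotal): float
    {
        // Second guard at calculation time: a discount may bring the total
        // down to zero but never below it, whatever the stored rule says.
        return max(0.0, $subtotal - $this->amount);
    }
}

// Unvalidated behaviour for comparison: a negative discount silently raises
// the total, and an oversized discount drives the total negative.
function unvalidatedDiscount(float $subtotal, float $amount): float
{
    return $subtotal - $amount;
}

// Constructed sample values.
$subtotal = 100.0;
printf("unvalidated, discount -50: %.2f\n", unvalidatedDiscount($subtotal, -50.0));
printf("unvalidated, discount 150: %.2f\n", unvalidatedDiscount($subtotal, 150.0));

$rule = new CartDiscountAction(150.0);
printf("validated, discount 150: %.2f\n", $rule->apply($subtotal));

try {
    new CartDiscountAction(-50.0);
} catch (InvalidArgumentException $e) {
    echo 'rejected on save: ', $e->getMessage(), "\n";
}
```

Validating on save covers the admin form; the clamp in `apply()` also covers rules created through any other path, such as an import or API call.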

We are processing your report and will contact the pimcore team within 24 hours. 5 months ago
We have contacted a member of the pimcore team and are waiting to hear back 5 months ago
We have sent a follow up to the pimcore team. We will try again in 7 days. 5 months ago
Divesh Pahuja
5 months ago

Maintainer


Hi,

I have created an issue https://github.com/pimcore/pimcore/issues/11024.

However, the severity seems a bit high since this can only be changed by administrators with proper rights.

Thanks, Divesh

Devendra Bhatla modified the report
5 months ago
Devendra Bhatla
5 months ago

Researcher


I have modified the report and it seems fine now.

We have sent a second follow up to the pimcore team. We will try again in 10 days. 5 months ago
Devendra Bhatla
5 months ago

Researcher


@divesh pahuja Is this fixed?

I request you to please mark this as valid if a fix is deployed.

Divesh Pahuja validated this vulnerability 5 months ago
Devendra Bhatla has been awarded the disclosure bounty
The fix bounty is now up for grabs
Divesh Pahuja
5 months ago

Maintainer


@Devendra Bhatla It is marked as valid now.

The issue is open on repo and will be fixed in the next bugfix release.

Devendra Bhatla
5 months ago

Researcher


Thanks for sharing an update!

Bernhard Rusch confirmed that a fix has been merged on 701192 4 months ago
Bernhard Rusch has been awarded the fix bounty