Business Logic Errors in pimcore/pimcore

Valid

Reported on

Dec 9th 2021


Description

The application is vulnerable to a business logic error: the Cart Discount action of a pricing rule accepts a negative amount, so the discount is saved as a surcharge instead of a reduction.

Proof of Concept

Step 1: Log in to the application at https://10.x-dev.pimcore.fun/admin/login?perspective=

Step 2: Navigate to Online shop -> Pricing Rules -> Voucher Discount -> Actions

Step 3: Enter a negative amount in Cart Discount and click Save.

The whole Pricing Rules module is affected.
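The following is an added example, not code from this report or from pimcore itself: a stand-alone model of a pricing-rule "Cart Discount" action that shows why the unvalidated path is a problem and what the server-side check on the admin form should enforce before the rule is saved. The class and function names (`CartDiscount`, `parse_cart_discount`, `apply_discount`) and the two discount kinds ("amount" and "percent") are assumptions made for the example.

```python
# Added example (not pimcore's code): a stand-alone model of a pricing-rule
# "Cart Discount" action. It contrasts the flawed path, which trusts the
# submitted value, with a validator that rejects inputs turning a discount
# into a surcharge. Names and discount kinds are assumptions for the example.
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP


class InvalidDiscount(ValueError):
    """Raised when a submitted discount value must not be saved."""


@dataclass(frozen=True)
class CartDiscount:
    kind: str        # "amount" (fixed currency amount) or "percent"
    value: Decimal   # validated: finite, non-negative, <= 100 for percent


def apply_discount_unchecked(subtotal: Decimal, kind: str, raw: str) -> Decimal:
    """The flawed path: apply whatever the admin form sent.

    A negative "discount" is subtracted as-is, so it silently raises the
    cart total instead of lowering it (the behaviour reported above).
    """
    value = Decimal(raw)
    if kind == "percent":
        return subtotal - subtotal * value / Decimal(100)
    return subtotal - value


def parse_cart_discount(kind: str, raw: str) -> CartDiscount:
    """Validate a Cart Discount action before it is persisted.

    Rejects an unknown kind, non-numeric input, NaN/Infinity, negative
    values and percentages above 100: the inputs that make the discount
    add to the total or push it below zero.
    """
    if kind not in ("amount", "percent"):
        raise InvalidDiscount(f"unknown discount kind {kind!r}")
    try:
        value = Decimal(str(raw).strip())
    except (InvalidOperation, ValueError) as exc:
        raise InvalidDiscount(f"discount is not a number: {raw!r}") from exc
    if not value.is_finite():
        raise InvalidDiscount("discount must be a finite number")
    if value < 0:
        raise InvalidDiscount("discount must not be negative")
    if kind == "percent" and value > 100:
        raise InvalidDiscount("percentage discount cannot exceed 100")
    return CartDiscount(kind, value)


def apply_discount(subtotal: Decimal, discount: CartDiscount) -> Decimal:
    """Apply a validated discount; the total is clamped so it never goes negative."""
    if discount.kind == "percent":
        reduction = subtotal * discount.value / Decimal(100)
    else:
        reduction = discount.value
    total = max(subtotal - reduction, Decimal(0))
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def is_rejected(kind: str, raw: str) -> bool:
    """True when the validator refuses the submitted value."""
    try:
        parse_cart_discount(kind, raw)
    except InvalidDiscount:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample cart: subtotal 100.00, admin submits "-50" as the discount.
    subtotal = Decimal("100.00")
    print("unchecked total with -50 discount:",
          apply_discount_unchecked(subtotal, "amount", "-50"))   # 150.00
    print("validator rejects -50:", is_rejected("amount", "-50"))  # True
    print("validator rejects 150%:", is_rejected("percent", "150"))  # True
    print("120 off a 100 cart is clamped to:",
          apply_discount(subtotal, parse_cart_discount("amount", "120")))  # 0.00
```

The validation belongs on the server side of the admin save endpoint, not only in the form widget, because the maintainer's point that only privileged administrators reach this screen limits who can trigger it but does not make the stored rule any less wrong once it is saved.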

We are processing your report and will contact the pimcore team within 24 hours. a year ago
We have contacted a member of the pimcore team and are waiting to hear back a year ago
We have sent a follow up to the pimcore team. We will try again in 7 days. a year ago
Divesh Pahuja
a year ago

Maintainer


Hi,

I have created an issue https://github.com/pimcore/pimcore/issues/11024.

However, the severity seems a bit high since this can be only changed by administrators with proper rights.

Thanks, Divesh

Devendra Bhatla modified the report
a year ago
Devendra Bhatla
a year ago

Researcher


I have modified the report and it seems fine now.

We have sent a second follow up to the pimcore team. We will try again in 10 days. a year ago
Devendra Bhatla
a year ago

Researcher


@divesh pahuja Is this fixed?

I request you to please mark this as valid if a fix is deployed.

Divesh Pahuja validated this vulnerability a year ago
Devendra Bhatla has been awarded the disclosure bounty
The fix bounty is now up for grabs
Divesh Pahuja
a year ago

Maintainer


@Devendra Bhatla It is marked as valid now.

The issue is open on repo and will be fixed in the next bugfix release.

Devendra Bhatla
a year ago

Researcher


Thanks for sharing an update!

Bernhard Rusch marked this as fixed in 10.2.6 with commit 701192 a year ago
Bernhard Rusch has been awarded the fix bounty
This vulnerability will not receive a CVE