0 quantity orders are allowed in microweber/microweber


Reported on

May 6th 2022


When purchasing goods, the quantity can be set to 0. Such orders should not be allowed to be created, since they consume resources meaninglessly; the order quantity should always be >= 1.

Proof of Concept

empty order


Meaningless resource consumption
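A server-side check of the kind the report asks for, as an added example that is not part of the original report and is not the fix merged by the microweber team. The function names, the cart array shape and the upper limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical names and limits, not Microweber's own code.
const MAX_QTY_PER_LINE = 1000; // assumed business limit

/** Return a quantity in 1..MAX_QTY_PER_LINE, or throw. */
function validate_order_quantity(mixed $raw): int
{
    // Accept only ints and strings; bools, floats, arrays and null are rejected,
    // so true is never read as 1 and 1.9 is never truncated to 1.
    if (!is_int($raw) && !is_string($raw)) {
        throw new InvalidArgumentException('Quantity must be an integer.');
    }
    // FILTER_VALIDATE_INT rejects "0", "-1", "1.5", "1e2" and "" with these bounds.
    $qty = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_QTY_PER_LINE],
    ]);
    if ($qty === false) {
        throw new InvalidArgumentException('Quantity must be between 1 and ' . MAX_QTY_PER_LINE . '.');
    }
    return $qty;
}

/** Build order lines; refuse the whole order if the cart is empty or any line is invalid. */
function build_order_lines(array $cart): array
{
    if ($cart === []) {
        throw new InvalidArgumentException('Cannot create an order with no items.');
    }
    $lines = [];
    foreach ($cart as $item) {
        $lines[] = [
            'product_id' => $item['product_id'] ?? null,
            'qty'        => validate_order_quantity($item['qty'] ?? null),
        ];
    }
    return $lines;
}

// Constructed sample carts, as they might arrive from a checkout request.
$samples = [
    'normal order'  => [['product_id' => 7, 'qty' => '2']],
    'zero quantity' => [['product_id' => 7, 'qty' => '0']],
    'negative'      => [['product_id' => 7, 'qty' => '-3']],
    'empty cart'    => [],
];
foreach ($samples as $label => $cart) {
    try {
        build_order_lines($cart);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The check belongs on the server at the point where the order is created, because a quantity field constrained only in the browser can be changed in the request.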

We are processing your report and will contact the microweber team within 24 hours. 18 days ago
cra5h modified the report
18 days ago


The picture is normal to open, I don't know why the report is broken

cra5h modified the report
18 days ago
We have contacted a member of the microweber team and are waiting to hear back 17 days ago
Bozhidar Slaveykov modified the Severity from Medium to Low 15 days ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Bozhidar Slaveykov validated this vulnerability 15 days ago
cra5h has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Bozhidar Slaveykov confirmed that a fix has been merged on 6b7bcb 15 days ago
Bozhidar Slaveykov has been awarded the fix bounty