0 quantity orders are allowed in microweber/microweber


Reported on May 6th 2022


When purchasing a product, an order can be placed with a quantity of 0. Such orders should not be allowed to be created, since they consume resources for no purpose; the order quantity should always be >= 1.

Proof of Concept

empty order


Meaningless resource consumption
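
One way to enforce the rule that the order quantity is always >= 1 on the server before an order is created, as an added example that is not part of the original report and not microweber's code. The function names, the cart item shape and the upper limit of 1000 are assumptions (PHP 8); the check also rejects negative, fractional and empty-cart input, which goes beyond the zero-quantity case reported here.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not microweber's API: returns the quantity as an int,
// or throws unless it is a whole number between 1 and $max.
function validate_quantity(mixed $raw, int $max = 1000): int
{
    // FILTER_VALIDATE_INT rejects "", "0.5", "1e3", "abc", null and arrays;
    // min_range/max_range reject 0, negatives and oversized values.
    $qty = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    if ($qty === false) {
        throw new InvalidArgumentException("quantity must be an integer from 1 to $max");
    }
    return $qty;
}

// Validate every cart line before an order row is written.
// $items uses a constructed shape: [['product_id' => ..., 'qty' => ...], ...].
function validate_order_lines(array $items): array
{
    if ($items === []) {
        throw new InvalidArgumentException('order has no items');
    }
    $clean = [];
    foreach ($items as $item) {
        $clean[] = [
            'product_id' => (int) ($item['product_id'] ?? 0),
            'qty'        => validate_quantity($item['qty'] ?? null), // missing qty fails too
        ];
    }
    return $clean;
}

// Constructed sample requests, one per case.
$requests = [
    'normal'   => [['product_id' => 7, 'qty' => '2']],
    'zero qty' => [['product_id' => 7, 'qty' => '0']],
    'negative' => [['product_id' => 7, 'qty' => -1]],
    'fraction' => [['product_id' => 7, 'qty' => '0.5']],
    'empty'    => [],
];
foreach ($requests as $name => $items) {
    try {
        validate_order_lines($items);
        echo "$name: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

The check belongs on the server side of the add-to-cart and checkout handlers, since a quantity limit enforced only in the browser form can be bypassed by sending the request directly.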

We are processing your report and will contact the microweber team within 24 hours. a year ago
cra5h modified the report
a year ago


The picture opens normally; I don't know why the report is broken.

cra5h modified the report
a year ago
We have contacted a member of the microweber team and are waiting to hear back a year ago
Bozhidar Slaveykov modified the Severity from Medium to Low a year ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Bozhidar Slaveykov validated this vulnerability a year ago
cra5h has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Bozhidar Slaveykov marked this as fixed in 1.2.16 with commit 6b7bcb a year ago
Bozhidar Slaveykov has been awarded the fix bounty
This vulnerability will not receive a CVE