Unable to indicate negative amount in captial in unilogies/bumsys

Valid

Reported on

Apr 19th 2023

Description

Unable to indicate negative amount in captial

Proof of Concept

1) Login application
2) Go to Capital > Add Capital > Fill in amount -999,999,999.00
3) The website indicate an negative amount.

Impact

This vulnerability is capable of saving negative amount

We are processing your report and will contact the unilogies/bumsys team within 24 hours. a month ago
We have contacted a member of the unilogies/bumsys team and are waiting to hear back a month ago
Khurshid Alam validated this vulnerability a month ago
Joshua Chan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Khurshid Alam marked this as fixed in 2.2.0 with commit e71c02 a month ago
Khurshid Alam has been awarded the fix bounty
This vulnerability will not receive a CVE
Khurshid Alam published this vulnerability a month ago
to join this conversation