CVE-2018-16157

CVE-2018-16157

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.

Source: CVE-2018-16157

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다