CVE-2023-6832
Published 2023-12-15
CVE-2023-6832: Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
Priority P4 · 18 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.51% (39.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 2.0 | 2.0 |
| microweber | microweber | >= 0 < 2.0.0 | 2.0.0 |
| microweber | microweber_microweber | >= unspecified < 2.0 | 2.0 |
CVSS provenance
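| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v3.0 | 6.0 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |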
GHSA
Business Logic Errors in microweber/microweber
ghsa·2023-12-15
CVE-2023-6832 [MEDIUM] Business Logic Errors in microweber/microweber
A vulnerability has been identified in microweber, where users can purchase items with a coupon code. If the admin disables the coupon code functionality, a user can still send requests to the API that handles the coupon code, exploit the vulnerability, and obtain items at a lower price.
OSV
Business Logic Errors in microweber/microweber
osv·2023-12-15
CVE-2023-6832 [MEDIUM] Business Logic Errors in microweber/microweber
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee
https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376
2023-12-15
Published