Vulnerability: Logic Flaw in Waimai Super Cms 20150505 Allows Price Modification

Vulnerability: Logic Flaw in Waimai Super Cms 20150505 Allows Price Modification

CVE-2020-21503 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.

Learn more about our Cms Pen Testing.