Business Logic Error in Magento Commerce: Price Alteration Vulnerability in placeOrder Mutation

Business Logic Error in Magento Commerce: Price Alteration Vulnerability in placeOrder Mutation

CVE-2021-36012 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item.

Learn more about our Web Application Penetration Testing UK.