Business Logic Error in Magento Commerce: Price Alteration Vulnerability in placeOrder Mutation
CVE-2021-36012 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item.
Learn more about our Web Application Penetration Testing UK.