PT-2026-51114 · Packagist · Craftcms/Commerce
Published
2026-06-19
·
Updated
2026-06-19
·
CVE-2026-55795
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Summary
The CartController defines a RateLimiter behavior that is only activated when the 'number' POST/GET parameter is explicitly provided.
Details
When an attacker submits coupon codes against the session-based cart (that is, without passing a 'number' parameter), the RateLimiter behavior is never attached and no rate limiting is applied, so the number of coupon-code guesses is unlimited.
Vulnerable Code

PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Impact
An unauthenticated attacker can enumerate valid coupon codes through automated requests against the session-based cart.
Remediation
Apply rate limiting unconditionally on actionUpdateCart, regardless of whether 'number' is present. Because the session-based cart has no cart number to key the limiter on, the limit for that path should be keyed on a client identifier the attacker cannot freely rotate per request, such as the session or the source IP address.
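The following Python model is an added illustration of the conditional-behavior flaw described in Details and of the unconditional limiter recommended under Remediation; it is not code from Craft Commerce or from this advisory. Only the names 'number', 'couponCode' and actionUpdateCart come from the page; the controller, limiter and request classes, the coupon set and the client identifiers are constructed here so the simulation runs offline.

```python
"""Model of a rate limiter that is only attached when 'number' is present,
beside the hardened form that is always attached.

Added illustration, not Craft Commerce code. Class names, the limiter
parameters, the coupon set and the client identifiers are assumptions.
"""
from dataclasses import dataclass, field

# Constructed sample data: the codes a site might have issued.
COUPONS = {"SPRING25", "VIP100"}


class TooManyRequests(Exception):
    """Raised when a client exceeds the limiter's budget (an HTTP 429 in practice)."""


@dataclass
class Request:
    params: dict          # GET/POST parameters
    session_id: str
    ip: str


@dataclass
class RateLimiter:
    """Fixed-window counter: at most `limit` calls per `window` seconds per key."""
    limit: int
    window: float
    _buckets: dict = field(default_factory=dict)  # key -> (window start, count)

    def check(self, key: str, now: float) -> None:
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:          # window expired: start a new one
            start, count = now, 0
        count += 1
        self._buckets[key] = (start, count)
        if count > self.limit:
            raise TooManyRequests(key)


class VulnerableCartController:
    """Attaches the limiter only when 'number' is supplied: the flaw."""

    def __init__(self, limiter: RateLimiter):
        self.limiter = limiter

    def behaviors(self, request: Request):
        # Gating on the parameter means the session cart path has no limiter.
        if request.params.get("number") is not None:
            return [self.limiter]
        return []

    def _key(self, request: Request) -> str:
        return f"cart:{request.params.get('number')}"

    def action_update_cart(self, request: Request, now: float) -> bool:
        for behavior in self.behaviors(request):
            behavior.check(self._key(request), now)
        # Returns whether the guessed coupon is valid (the oracle the attacker uses).
        return request.params.get("couponCode") in COUPONS


class FixedCartController(VulnerableCartController):
    """Always attaches the limiter and keys it on client identity."""

    def behaviors(self, request: Request):
        return [self.limiter]

    def _key(self, request: Request) -> str:
        # The session cart has no cart number, and an attacker can mint fresh
        # numbers at will; session plus source IP is a cheaper choke point.
        return f"{request.ip}:{request.session_id}"


def enumerate_coupons(controller: VulnerableCartController, candidates, now: float = 0.0):
    """Guess every candidate against the session cart (no 'number' parameter).

    Returns (valid codes found, requests issued before being stopped).
    """
    hits, attempts = [], 0
    for code in candidates:
        req = Request({"couponCode": code}, session_id="sess-1", ip="203.0.113.5")
        attempts += 1
        try:
            if controller.action_update_cart(req, now):
                hits.append(code)
        except TooManyRequests:
            break  # the hardened controller cuts the run short here
    return hits, attempts


if __name__ == "__main__":
    wordlist = [f"CODE{i:04d}" for i in range(200)] + sorted(COUPONS)
    print("vulnerable:", enumerate_coupons(VulnerableCartController(RateLimiter(5, 60)), wordlist))
    print("fixed:     ", enumerate_coupons(FixedCartController(RateLimiter(5, 60)), wordlist))
```

Against the vulnerable controller the whole wordlist is tried and both valid codes are recovered; against the fixed controller the sixth request is rejected and nothing is found. Keying on the cart number alone would not be enough, since the vulnerable class already limits per cart number and an attacker can simply create a new cart for every batch of guesses.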
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts (CWE-307)
Related identifiers
Affected products
Craftcms/Commerce