Waimai · Waimai Super Cms · CVE-2018-16157
**Name of the Vulnerable Software and Affected Versions**
waimai Super Cms version 20150505
**Description**
A logic flaw allows attackers to modify the price of items in a cart. By observing the data in a packet capture and setting the `item totals` parameter to zero in a request to the "index.php?m=cart&a=save" endpoint, an attacker causes the entire cart to be sold for free.
**Recommendations**
For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the "index.php?m=cart&a=save" endpoint to prevent exploitation. Avoid using the `item totals` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
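The server-side check this class of flaw calls for, as an added example that is not waimai Super Cms code: the total is recomputed from the server's own price list, and any total sent by the client is only compared and logged, never billed. The catalog, the function name `compute_cart_total`, the quantity limit and the array keys are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalog: item id => unit price in cents (assumption; a real
// application would read prices from its own database).
const CATALOG = [101 => 1800, 102 => 2500, 103 => 600];

/**
 * Recompute the order total from server-side prices only.
 * $items is [item id => quantity] as submitted by the client. $clientTotal is
 * the total the client sent; it is used to detect tampering, never for billing.
 */
function compute_cart_total(array $items, ?int $clientTotal): array
{
    if ($items === []) {
        throw new InvalidArgumentException('empty cart');
    }
    $total = 0;
    foreach ($items as $id => $rawQty) {
        // Reject ids that are not in the server's catalog.
        if (!array_key_exists($id, CATALOG)) {
            throw new InvalidArgumentException("unknown item: $id");
        }
        // Quantities must be whole numbers in a sane range (no zero or negatives).
        $qty = filter_var($rawQty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 99]]);
        if ($qty === false) {
            throw new InvalidArgumentException("bad quantity for item $id");
        }
        $total += CATALOG[$id] * $qty;
    }
    return [
        'total_cents' => $total,
        // A mismatch means the client-side value was altered or is stale.
        'tampered'    => $clientTotal !== null && $clientTotal !== $total,
    ];
}

// Constructed request: two items, with the client-supplied total set to zero.
$result = compute_cart_total([101 => '2', 103 => '1'], 0);
if ($result['tampered']) {
    error_log('cart total mismatch: server computed ' . $result['total_cents']);
}
printf("charge %d cents, tampered=%s\n",
    $result['total_cents'], var_export($result['tampered'], true));
```

Logging the mismatch rather than silently correcting it gives operators a signal that someone is probing the cart endpoint.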