CVE-2020-21503

Name of the Vulnerable Software and Affected Versions: waimai Super Cms version 20150505

Description: The issue allows attackers to modify a price before form submission by observing data in a packet capture. This is achieved by setting the credit parameter to -1 in the "index.php?m=gift&a=addsave" endpoint, resulting in the product being sold for free.

Recommendations: For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the "index.php?m=gift&a=addsave" endpoint to minimize the risk of exploitation. Additionally, avoid using the credit parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.