CVE-2022-0596

Name of the Vulnerable Software and Affected Versions microweber/microweber versions prior to 1.2.11

Description The issue is related to improper validation of specified quantity in input, which can lead to business logic errors. This could allow an attacker to manipulate the total value and potentially get products for free by setting a negative product amount.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider implementing additional validation checks on product quantities to prevent negative values. Restrict access to sensitive functionality that relies on product quantity inputs until the update is applied.