PT-2023-32783 · Microweber · Microweber

Published: 2023-12-14 · Updated: 2023-12-21 · CVE-2023-6832

CVSS v3.1: 6.0 (Medium)
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0

Description: A business logic flaw in Microweber lets users obtain items at a lower price. When the admin disables the coupon code functionality, the API endpoint that handles coupon codes still processes requests, so a user can send coupon requests directly to that API and have them applied.

Recommendations: For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider disabling the coupon code functionality entirely to prevent exploitation. Restrict access to the API endpoint that handles coupon codes to minimize the risk of exploitation. Avoid using the coupon code functionality in the affected API endpoint until the issue is resolved.
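The pattern behind this advisory, a feature that is switched off in the admin UI but still honoured by the API that serves it, beside the server-side fix, as an added example that is not Microweber's code. The `coupons_enabled` setting, the coupon table, the catalogue and the cart are constructed sample data and their names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: coupon table (code -> percent off) and catalogue
# (item -> price in cents). Names are assumptions, not Microweber's schema.
COUPONS = {"SAVE50": 50}
CATALOGUE = {"widget": 1000}

@dataclass
class Settings:
    coupons_enabled: bool = False   # the admin switched the feature off

@dataclass
class Cart:
    items: dict = field(default_factory=dict)   # item -> quantity
    coupon: Optional[str] = None

def cart_total(cart: Cart, honour_coupon: bool) -> int:
    """Price the cart; the discount is applied only when honour_coupon is True."""
    sub = sum(CATALOGUE[i] * q for i, q in cart.items.items())
    if honour_coupon and cart.coupon in COUPONS:
        return sub - sub * COUPONS[cart.coupon] // 100
    return sub

def apply_coupon_vulnerable(settings: Settings, cart: Cart, code: str) -> dict:
    """The flawed pattern: the UI hides the coupon form when the feature is off,
    but the endpoint never checks the setting and honours any code it is sent."""
    if code not in COUPONS:
        return {"status": "error", "reason": "unknown coupon"}
    cart.coupon = code
    return {"status": "ok", "total": cart_total(cart, honour_coupon=True)}

def apply_coupon_fixed(settings: Settings, cart: Cart, code: str) -> dict:
    """Enforce the setting on the server: refuse the request when coupons are
    disabled, whatever the client sends."""
    if not settings.coupons_enabled:
        return {"status": "error", "reason": "coupons disabled"}
    if code not in COUPONS:
        return {"status": "error", "reason": "unknown coupon"}
    cart.coupon = code
    return {"status": "ok", "total": cart_total(cart, honour_coupon=True)}

def checkout_total(settings: Settings, cart: Cart) -> int:
    """Final price at checkout: the discount is honoured only while the feature
    is enabled, so a coupon stored earlier cannot keep discounting the order."""
    return cart_total(cart, honour_coupon=settings.coupons_enabled)
```

The checkout-time recomputation is the defence-in-depth half: gating only the apply endpoint still leaves a coupon that was attached before the admin disabled the feature.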

Related Identifiers

CVE-2023-6832
GHSA-QJFX-FVX7-3WVW

Affected Products

Microweber