Vulnerability ID: QTVA-2015-154334
Vulnerability Description: CmsEasy order payment loopholes cart untreated verify the number of goods, leading to proficient user can ~
Vulnerability Cause: Verify Buy quantity
Vulnerability consequences: 0 yuan shopping, proficient
-----
Recently nothing better to dig burrows, found a loophole CMSEASY payment orders, but the audit rejected.
From vulnerability numbers point of view, this is the loophole in 2015 submitted, but five years ago vulnerabilities still exist.
----
I copy the details submitted to the Sky
Vulnerability address: http: // localhost: 83 / index.php case = archive & act = orders (cart)?
Vulnerability reason: Commodity Quantity unverified
Vulnerability Consequences: 0 yuan purchase of goods, proficient account platform
After payment for the order of:
Backstage:
Financial: