CVE-2023-6832
Business Logic Errors in microweber/microweber
6.0
MEDIUM
CVSS 3.1
EPSS 0.14%
Description
A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.
How to fix CVE-2023-6832
To remediate CVE-2023-6832, upgrade the affected package to a fixed version below.
- —upgrade to 2.0.0 or later
Is CVE-2023-6832 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.0 | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |