Vuln ID: TP-019
Title: Price Manipulation on Cart
Severity: high
Type: Business Logic
HTTP Method: POST
URL: /cart/add
Parameter: price
Filename: -
Code Location: backend/api/controllers/CartController.php line 32; backend/api/models/Cart.php lines 44-48

Description

The cart add endpoint (POST /cart/add) accepts an optional price field and writes that client-supplied value to the wine's stored price in the database. Because the value is trusted without any validation or authorisation check, an attacker who includes the field in the request can set any wine's price to 0.01.

Proof of Concept

POST /cart/add with the JSON body:

{"wine_id": 1, "quantity": 1, "price": 0.01}

Remediation

Remove the $customPrice parameter entirely from CartController.php and Cart.php. The price of a cart line must always be read from the wine's database record, never from the request.
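The vulnerable pattern beside a hardened handler, as an added illustration written for this finding and not the project's CartController code; the $catalogue array, the addToCartVulnerable/addToCart functions and the field whitelist are assumptions, and the hardened version rejects any request that still carries a price field so tampering attempts surface in error logs instead of being silently dropped.

```php
<?php
// Added illustration, not the project's own code. $catalogue stands in for the
// wine table; addToCart* and the whitelist are hypothetical names.
declare(strict_types=1);

// Constructed sample catalogue: wine_id => server-side price.
$catalogue = [1 => 24.50, 2 => 38.00];

// Vulnerable pattern: a client-supplied "price" replaces the stored price.
function addToCartVulnerable(array $request, array $catalogue): array
{
    $wineId = (int) $request['wine_id'];
    $price  = isset($request['price']) ? (float) $request['price'] : $catalogue[$wineId];
    return ['wine_id' => $wineId, 'quantity' => (int) $request['quantity'], 'price' => $price];
}

// Hardened pattern: only wine_id and quantity are read, both are validated, and
// the price always comes from the catalogue. Unknown fields such as "price"
// are rejected so that tampering attempts are visible rather than ignored.
function addToCart(array $request, array $catalogue): array
{
    $allowed = ['wine_id', 'quantity'];
    $extra   = array_diff(array_keys($request), $allowed);
    if ($extra !== []) {
        throw new InvalidArgumentException('unexpected field(s): ' . implode(', ', $extra));
    }
    if (!isset($request['wine_id'], $request['quantity'])) {
        throw new InvalidArgumentException('wine_id and quantity are required');
    }
    $wineId   = filter_var($request['wine_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $quantity = filter_var($request['quantity'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($wineId === false || $quantity === false) {
        throw new InvalidArgumentException('wine_id and quantity must be positive integers');
    }
    if (!array_key_exists($wineId, $catalogue)) {
        throw new InvalidArgumentException('unknown wine_id');
    }
    // The price is a server-side fact and is never taken from the request.
    return ['wine_id' => $wineId, 'quantity' => $quantity, 'price' => $catalogue[$wineId]];
}

// Constructed request matching the proof of concept above.
$tampered = json_decode('{"wine_id": 1, "quantity": 1, "price": 0.01}', true);
var_dump(addToCartVulnerable($tampered, $catalogue)['price']);
try {
    addToCart($tampered, $catalogue);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
var_dump(addToCart(['wine_id' => 1, 'quantity' => 2], $catalogue)['price']);
```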