GHSA-vpq7-m4qm-p2gp
GitHub Security Advisory
Microweber vulnerable to Improper Validation of Specified Quantity in Input
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Microweber prior to version 1.2.11 can have a negative product amount. This could allow an attacker to manipulate the total value and get products for free.
Affected Packages
Packagist
microweber/microweber
Affected versions:
0
(fixed in 1.2.11)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 3, 2025 6:26 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.