CVE-2021-4031
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Syltek | Syltek | 10.22.00 < 10.22.00 | affected |
Weaknesses
- CWE-345: CWE-345 Insufficient Verification of Data Authenticity
Workarounds
This vulnerability has been solved by Playtomic in the in the 10.22.00 version.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.