CVE-2021-4031

Summary

Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.

Affected Software

VendorProductVersion RangeStatus
SyltekSyltek10.22.00 < 10.22.00affected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

Workarounds

This vulnerability has been solved by Playtomic in the in the 10.22.00 version.

ADP Enrichment

CVE Program Container

Additional References

References