ywxbear PHP Bookstore Quantity Handler Improper Input Validation Vulnerability
Vulnerability
A vulnerability exists in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website versions prior to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. The issue arises in the Quantity Handler component within the file /index.php, where there is improper validation of quantity inputs. This vulnerability can be exploited remotely, allowing for manipulation of product quantities, such as entering negative values, which could disrupt the application's payment logic.
Impact
Because quantity inputs are not properly validated, a remote user can submit negative values that the application processes as-is. Such manipulation disrupts the application's payment logic, potentially causing financial discrepancies or exploitation of the payment system.
Reproduction
To reproduce this vulnerability, download the ywxbear PHP-Bookstore-Website-Example project and set it up on a local server. After configuring the database and modifying any necessary configuration files, access the website's homepage. Once there, navigate to the product quantity input for any item. The vulnerability can be exploited by entering a negative number into the quantity field. The application will incorrectly process this input, resulting in a negative total price for the product, which disrupts the expected payment logic.
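The following is an added illustration of the defect class described above, not code from the ywxbear project (the advisory does not reproduce /index.php): a line-total calculation that casts the submitted quantity without range checks, beside a hardened version that accepts only whole numbers within an allowed range. The price, the range limit and the sample inputs are constructed for the demonstration.

```php
<?php
// Added illustration, not code from the ywxbear project: /index.php is not
// reproduced here, only the pattern the advisory describes (a quantity taken
// from the request and multiplied into a total without range validation)
// and a hardened replacement.

declare(strict_types=1);

/** Vulnerable pattern: a negative quantity yields a negative line total. */
function lineTotalUnchecked(float $unitPrice, string $rawQuantity): float
{
    $qty = (int) $rawQuantity;       // "-3" becomes -3, "abc" becomes 0
    return $unitPrice * $qty;
}

/**
 * Hardened: accept only a whole number within an allowed range.
 * Returns null for anything else (negative, zero, non-numeric, decimals,
 * exponent notation, out-of-range), so the caller can reject the request.
 */
function parseQuantity(string $rawQuantity, int $maxPerLine = 99): ?int
{
    $qty = filter_var($rawQuantity, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $maxPerLine],
    ]);
    return $qty === false ? null : $qty;
}

function lineTotalChecked(float $unitPrice, string $rawQuantity): ?float
{
    $qty = parseQuantity($rawQuantity);
    if ($qty === null) {
        return null;                 // reject; do not fall back to 0 or abs()
    }
    return $unitPrice * $qty;
}

// Constructed inputs a cart handler might receive (assumed unit price 12.50).
$unitPrice = 12.50;
foreach (['2', '-3', '0', '1.5', '1e2', 'abc', '250'] as $raw) {
    $unchecked = lineTotalUnchecked($unitPrice, $raw);
    $checked   = lineTotalChecked($unitPrice, $raw);
    printf("quantity=%-5s unchecked=%8.2f checked=%s\n",
        $raw, $unchecked, $checked === null ? 'rejected' : number_format($checked, 2));
}
```

Rejecting the request outright matters: silently clamping to zero or taking the absolute value would still let an attacker-controlled field steer the total, and the rejection itself is a useful log signal for detecting tampering attempts.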