Exposure of Shopify employee summit page allows anonymous users to place orders for free books vulnerability
Posted: Wed Oct 30, 2024 4:51 pm
The issue highlights an access control vulnerability, allowing unauthorized individuals to interact with an internal ordering page. This flaw could lead to unintended costs and unauthorized distribution, emphasizing the need for strict access controls on sensitive web pages.
https://hackerone.com/reports/2552027
https://hackerone.com/reports/2552027