CWE-1284
AllowedImproper Validation of Specified Quantity in Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
494 vulnerabilities reference this CWE, most recent first.
GHSA-6WPF-J472-FR56
Vulnerability from github – Published: 2025-02-12 00:32 – Updated: 2025-02-12 00:32Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.
{
"affected": [],
"aliases": [
"CVE-2023-31331"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T22:15:26Z",
"severity": "LOW"
},
"details": "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.",
"id": "GHSA-6wpf-j472-fr56",
"modified": "2025-02-12T00:32:16Z",
"published": "2025-02-12T00:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31331"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6X74-CJF9-R2HC
Vulnerability from github – Published: 2023-02-09 18:30 – Updated: 2025-03-25 15:31The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
{
"affected": [],
"aliases": [
"CVE-2022-48297"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-09T17:15:00Z",
"severity": "HIGH"
},
"details": "The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.",
"id": "GHSA-6x74-cjf9-r2hc",
"modified": "2025-03-25T15:31:13Z",
"published": "2023-02-09T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48297"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/2"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-73PW-PFFQ-GH67
Vulnerability from github – Published: 2024-11-27 18:34 – Updated: 2024-11-27 21:32Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-9369"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-27T18:15:18Z",
"severity": "MODERATE"
},
"details": "Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-73pw-pffq-gh67",
"modified": "2024-11-27T21:32:44Z",
"published": "2024-11-27T18:34:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9369"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/368208152"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-75HF-VVF9-P39G
Vulnerability from github – Published: 2025-09-05 15:31 – Updated: 2026-04-01 18:36Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1.
{
"affected": [],
"aliases": [
"CVE-2025-58835"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T14:15:56Z",
"severity": "MODERATE"
},
"details": "Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1.",
"id": "GHSA-75hf-vvf9-p39g",
"modified": "2026-04-01T18:36:05Z",
"published": "2025-09-05T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58835"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/bonus-for-woo/vulnerability/wordpress-bonus-for-woo-plugin-7-4-1-other-vulnerability-type-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-75R7-WF67-87F9
Vulnerability from github – Published: 2024-06-10 18:31 – Updated: 2024-06-12 18:30A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.
This issue affects Avast Antivirus prior to 24.2.
{
"affected": [],
"aliases": [
"CVE-2024-5102"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-10T17:16:34Z",
"severity": "HIGH"
},
"details": "A sym-linked file accessed via the repair function in Avast Antivirus \u003c24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\\SYSTEM.\u00a0The vulnerability exists within the \"Repair\" (settings -\u003e troubleshooting -\u003e repair) feature, which attempts to delete a file in the current user\u0027s AppData directory as NT AUTHORITY\\SYSTEM. A\u00a0low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.\n\nThis issue affects Avast Antivirus prior to 24.2.",
"id": "GHSA-75r7-wf67-87f9",
"modified": "2024-06-12T18:30:40Z",
"published": "2024-06-10T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5102"
},
{
"type": "WEB",
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-75R9-XH7M-QFVX
Vulnerability from github – Published: 2024-09-07 18:30 – Updated: 2024-09-07 18:30A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-8558"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-07T16:15:02Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-75r9-xh7m-qfvx",
"modified": "2024-09-07T18:30:23Z",
"published": "2024-09-07T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8558"
},
{
"type": "WEB",
"url": "https://github.com/Niu-zida/cve/blob/main/Payment%20loopholes.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.276778"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.276778"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.403345"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-78VR-Q6CF-C7P6
Vulnerability from github – Published: 2026-06-19 21:15 – Updated: 2026-06-19 21:15Summary
The Order::setPaymentAmount() method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check.
Details
When the store has 'Allow Partial Payment on Checkout' enabled, a user can submit a payment amount of $0.00 or even a negative value, potentially marking orders as paid without a valid transaction.
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Impact
On stores with partial payment enabled, a customer may be able to set an arbitrarily small payment amount. Gateway behavior varies — some will process $0.00 transactions, effectively giving free order fulfillment.
Remediation
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.6.4"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/commerce"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.6.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.11.1"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/commerce"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T21:15:23Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nThe `Order::setPaymentAmount()` method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied \u0027paymentAmount\u0027 parameter directly to float with no lower-bound check. \n\n### Details\n\nWhen the store has \u0027Allow Partial Payment on Checkout\u0027 enabled, a user can submit a payment amount of $0.00 or even a negative value, potentially marking orders as paid without a valid transaction.\n\n\u003cimg width=\"690\" height=\"80\" alt=\"image\" src=\"https://github.com/user-attachments/assets/78b653a6-ccae-4ce4-b71b-fc38a7757d73\" /\u003e\n\n\u003cimg width=\"761\" height=\"200\" alt=\"image\" src=\"https://github.com/user-attachments/assets/665a235f-62c2-45fe-aa41-c3f266881c77\" /\u003e\n\n### PoC\n\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\n\u003cimg width=\"606\" height=\"144\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a04a6de2-7c5f-4837-aed6-58756e246b80\" /\u003e\n\n\n### Impact\nOn stores with partial payment enabled, a customer may be able to set an arbitrarily small payment amount. Gateway behavior varies \u2014 some will process $0.00 transactions, effectively giving free order fulfillment.\n\n**Remediation**\n\n\u003cimg width=\"718\" height=\"98\" alt=\"image\" src=\"https://github.com/user-attachments/assets/aa64b696-9749-45e4-97f6-8d7299cdf1d6\" /\u003e",
"id": "GHSA-78vr-q6cf-c7p6",
"modified": "2026-06-19T21:15:23Z",
"published": "2026-06-19T21:15:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/commerce/security/advisories/GHSA-78vr-q6cf-c7p6"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/commerce/commit/9a88392b3074aa132a9455d4f4b582411df52c74"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/commerce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Craft Commerce: Partial Payment Amount Without Lower Bound Validation"
}
GHSA-797V-2V4C-3XVX
Vulnerability from github – Published: 2026-05-04 15:31 – Updated: 2026-06-30 03:36An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
{
"affected": [],
"aliases": [
"CVE-2025-70069"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T14:16:29Z",
"severity": "HIGH"
},
"details": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method",
"id": "GHSA-797v-2v4c-3xvx",
"modified": "2026-06-30T03:36:29Z",
"published": "2026-05-04T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70069"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-70069"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465306"
},
{
"type": "WEB",
"url": "https://gist.github.com/GunP4ng/9080ae7f0470c889a59cc3bfca445223"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70069.json"
},
{
"type": "WEB",
"url": "http://assimp.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CGG-8926-325V
Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2023-07-21 18:30The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
{
"affected": [],
"aliases": [
"CVE-2022-0214"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-14T12:15:00Z",
"severity": "HIGH"
},
"details": "The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog",
"id": "GHSA-7cgg-8926-325v",
"modified": "2023-07-21T18:30:33Z",
"published": "2022-02-15T00:02:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0214"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CQ3-5G9G-7W8Q
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
{
"affected": [],
"aliases": [
"CVE-2026-49078"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:17:19Z",
"severity": "HIGH"
},
"details": "Unauthenticated Other Vulnerability Type in WP Travel Engine \u003c= 6.7.10 versions.",
"id": "GHSA-7cq3-5g9g-7w8q",
"modified": "2026-06-15T21:30:49Z",
"published": "2026-06-15T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49078"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-plugin-6-7-10-other-vulnerability-type-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.