Low
resolved
resolved
Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on ██████████
Bug reported by Aneeeketh was disclosed at February 9, 2026, 3:57 pm | Business Logic Errors
A vulnerability was found in the coupon code system of the ██████████ online store. The coupon code for free shipping could be used multiple times on any number of orders without any restrictions or tracking. This allowed users to bypass shipping charges indefinitely, resulting in a direct financial impact on the company's revenue. The vulnerability was caused by the lack of server-side validation to limit the usage of the coupon code.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
