DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code.

[CVE]

CVE-2024-31802 

[Vulnerability]
The coupon validation functionality allows a malicious user to guess and forge a valid QR code, so that no payment is made or a discount is obtained.

The Park Payment machines using QR codes encode the following structure to create the voucher ticket, allowing merchants to gift their customers with free parking or discounts:

The fields “Valor” and “QTD” define the ticket credit value and how many times the ticket can be used. By changing the “Valor” field, the attacker can add more credit to the ticket and avoid paying for the parking time.
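The root cause is that the machine trusts the credit fields exactly as scanned. The following added example (not DESIGNA's code; the `ID=...;Valor=...;QTD=...` layout, the `MAC` field and the key are constructed for illustration) contrasts a validator that reads “Valor” unauthenticated with one that rejects any voucher whose fields do not match a server-side HMAC:

```python
import hmac
import hashlib

# Constructed demo layout (not the vendor's real encoding):
# "ID=000123;Valor=5.00;QTD=1" with an optional "MAC=<hex>" field.
# Constructed demo key: in a real system this lives only on the validator.
SECRET_KEY = b"constructed-demo-key-only"


def parse_voucher(payload: str) -> dict:
    """Split 'key=value;key=value' into a dict (whitespace stripped)."""
    fields = {}
    for part in payload.split(";"):
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def canonical_body(fields: dict) -> str:
    """Deterministic field order so signer and verifier hash the same bytes."""
    return ";".join(f"{k}={fields[k]}" for k in sorted(fields))


def validate_unauthenticated(payload: str) -> float:
    """Vulnerable pattern: credit value is taken straight from the QR code."""
    return float(parse_voucher(payload)["Valor"])


def sign_voucher(fields: dict) -> str:
    """Issuer side: append an HMAC-SHA256 over ID, Valor and QTD."""
    body = canonical_body(fields)
    mac = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body};MAC={mac}"


def validate_signed(payload: str):
    """Hardened pattern: return the credit only if the MAC verifies, else None."""
    fields = parse_voucher(payload)
    mac = fields.pop("MAC", None)
    if mac is None:
        return None  # unsigned voucher: reject
    expected = hmac.new(SECRET_KEY, canonical_body(fields).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # any edit to Valor/QTD/ID breaks the MAC
    return float(fields["Valor"])
```

The MAC stops field tampering; limiting the number of uses in “QTD” additionally requires the validator to track redemptions of each `ID` server-side, which this example does not show.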

——————————————

[Exploit]

No public exploits available

——————————————

[Vendor]
DESIGNA

——————————————

[Affected Product Code Base]
DESIGNA ABACUS – Version Basic and Premium (all versions), version >= 18

——————————————

[Attack Type]
Context-dependent

——————————————

[CVE Impact Other]
Validation bypass

——————————————

[Attack Vectors]
QR code input to the system.

——————————————

[Discoverer]
Rodrigo Favarini

——————————————

[Reference]
http://designa.com