CVE-2025-30073 Information

Description

An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment the first or all transactions with the same reference are completed depending on timing. This can be used to transfer more money onto employee cards than is paid.

Reference

https://www.syss.de/pentest-blog/businesslogik-fehler-bei-aufwertung-von-geldkarten-in-opcr-webapp-aufwertung-syss-2024-089