Key vulnerability information

Title: OpenCart 4.1.0.3 Time-of-check Time-of-use
Description: Unauthenticated TOCTOU Race Condition in OpenCart Checkout allows attackers to bypass business logic, leading to financial loss and inventory corruption. Concurrent requests can successfully apply single-use coupons multiple times (bypassing limits) and simultaneously deduct stock from products, causing negative inventory levels (overselling). This is exploitable via Guest Checkout (PR:N).
Source: Link
User: KhanMarshal (UID 89610)
Submission Date: 12/10/2025 11:28 AM (24 days ago)
Moderation Date: 12/27/2025 09:41 AM (17 days later)
Status: Accepted
VulDB Entry: 338494 [OpenCart up to 4.1.0.3 Single-Use Coupon race condition]
Points: 19