php - Prestashop 1.6 Amount Tampering While Check Out
I have a shopping cart built in Prestashop 1.6 and I have integrated HDFC Payment Gateway in it . After an security audit the bank told me "The test found one high-risk vulnerability (i.e. Amount Tampering)". Resolution- Kindly maintain the session.
I had not coded anything as Prestashop 1.6 is in built CMS and neither did i do anything with the HDFC payment gateway as they provided a pre built code from their end which is developed using Prestashop 1.6. I just installed the module from backend.
- Added one item to the cart and checked out. (eg - 400 USD)
- On the 3rd party hdfc payment gateway page i didn't process with the payment.
- Opened another tab and added few more items (eg - 400 USD + 300 USD)
- Now back to point 2 and i processed with the amount for 400 USD and paid.
- In my admin panel its showing paid for 400 USD + 300 USD and two items are bought by the customer .
I have no idea how to solve this Amount related issue.
I am a newbie in Prestashop and Payment Gateway Integration.