#Insufficient Validation
3 postsBugForge - Daily - Cheesy Does It (Jul 5, 2026)
The Cheesy Does It password reset accepts a null OTP, skipping verification to hand back the admin reset token and enabling a full account takeover.
Otp Bypass Insufficient Validation Broken Authentication User Enumeration Account Takeover Brute Force
Posted on 2026-07-05 20:00 5 min read
BugForge - Daily - Cheesy Does It (Feb 2, 2026)
A business logic flaw in the tip functionality of the Cheesy Does It pizza ordering application allows users to submit negative tip percentages during the…
Business Logic Flaw Insufficient Validation
Posted on 2026-02-02 20:00 4 min read
BugForge - Daily - Cheesy Does It (Jan 26, 2026)
A business logic flaw in the refund endpoint allows arbitrary refund amounts without validation against actual order values. The API endpoint and payload…
Business Logic Flaw Insufficient Validation
Posted on 2026-01-26 20:00 4 min read