CVE-2021-4031 - Syltek Insufficient
Verification of Data Authenticity

Playtomic's Syltek software has a vulnerability in all versions before 10.22.00 where it does not verify that a product ID has a valid payment associated to it. This allows an
attacker to forge a request and bypass the payment system by marking items as payed without any verification. 

Playtomic has fixed this vulnerability in version 10.22.00 of the software, released on 02/12/2021.

Security Advisory: