CVE-2021-4031 - Syltek Insufficient
Verification of Data Authenticity
Playtomic's Syltek software has a vulnerability in all versions before 10.22.00 where it does not verify that a product ID has a valid payment associated to it. This allows an
attacker to forge a request and bypass the payment system by marking items as payed without any verification.
Playtomic has fixed this vulnerability in version 10.22.00 of the software, released on 02/12/2021.
Security Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/syltek-insufficient-verification-data-authenticity