CVE-2021-4031 - Syltek Insufficient
Verification of Data Authenticity

Playtomic's Syltek software has a vulnerability in all versions before 10.22.00 where it does not verify that a product ID has a valid payment associated to it. This allows an
attacker to forge a request and bypass the payment system by marking items as payed without any verification. 

Playtomic has fixed this vulnerability in version 10.22.00 of the software, released on 02/12/2021.

Security Advisory: https://www.incibe-cert.es/en/early-warning/security-advisories/syltek-insufficient-verification-data-authenticity