exploitDog

GHSA-m8pw-9fx4-mvpr

Опубликовано: 16 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 7.1

CVSS3: 7.5

Описание

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.

Ссылки

EPSS

Процентиль: 14%

0.00047

Низкий

7.1 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2025-41020

CVSS3: 7.5

nvd

4 месяца назад

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.

EPSS

Процентиль: 14%

0.00047

Низкий

7.1 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-639