GHSA-wcqx-pwqh-x4mj

Published: 24 Dec 2025
Source: github
GitHub: Not reviewed
CVSS4: 7.1
CVSS3: 7.5

Description

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard.

EPSS

Percentile: 14%
0.00045
Low

CVSS4: 7.1 High

CVSS3: 7.5 High

Weaknesses

CWE-639

Related vulnerabilities

CVSS3: 7.5
nvd
about 2 months ago

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard.
