Описание
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2019-05-08 (включая)
Одновременно
cpe:2.3:o:ddrt:dashcom_live_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ddrt:dashcom_live:-:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.0029
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.
EPSS
Процентиль: 52%
0.0029
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306