Description
The permission control of the AIFU cashier management salary query function can be bypassed; after obtaining a general user’s permission, a remote attacker can access account information, except passwords, by crafting URL parameters.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:aifu:cashier_accounting_management_system:-:*:*:*:*:*:*:*
EPSS
Percentile: 33%
0.00131
Low
4.3 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-285
NVD-CWE-Other
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
The permission control of the AIFU cashier management salary query function can be bypassed; after obtaining a general user’s permission, a remote attacker can access account information, except passwords, by crafting URL parameters.