Описание
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.8 (исключая)
cpe:2.3:a:sun.net:ehrd_ctms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00168
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.
EPSS
Процентиль: 38%
0.00168
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-639