Описание
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.
Ссылки
- Product
- Exploit
- Permissions RequiredVDB Entry
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:code-projects:human_resource_management:1.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00171
Низкий
5.5 Medium
CVSS3
9.8 Critical
CVSS3
5.2 Medium
CVSS2
Дефекты
CWE-266
CWE-862
Связанные уязвимости
CVSS3: 5.5
github
11 месяцев назад
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 39%
0.00171
Низкий
5.5 Medium
CVSS3
9.8 Critical
CVSS3
5.2 Medium
CVSS2
Дефекты
CWE-266
CWE-862