exploitDog

CVE-2025-40645

Опубликовано: 02 окт. 2025

Источник: nvd

EPSS Низкий

Описание

Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viday

EPSS

Процентиль: 33%

0.00136

Низкий

Дефекты

CWE-200

Связанные уязвимости

GHSA-h2hv-xmr8-g377

github

6 месяцев назад

Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter.

EPSS

Процентиль: 33%

0.00136

Низкий

Дефекты

CWE-200