Description
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization.
EPSS: 0.00072 (Low), percentile: 22%
CVSS3: 6.5 Medium
Weaknesses: CWE-693
Related vulnerabilities
CVSS3: 7.5
github
5 months ago
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization.