Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-63562

Опубликовано: 31 окт. 2025
Источник: nvd
CVSS3: 6.3
EPSS Низкий

Описание

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters (e.g., owner or resource id).

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:summerpearlgroup:vacation_rental_management_platform:*:*:*:*:*:*:*:*
Версия до 1.0.2 (исключая)

EPSS

Процентиль: 16%
0.00051
Низкий

6.3 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

github логотип

GHSA-65x3-jm69-w8w4

CVSS3: 6.3
github
3 месяца назад

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters (e.g., owner or resource id).

EPSS

Процентиль: 16%
0.00051
Низкий

6.3 Medium

CVSS3

Дефекты

CWE-284