CVE-2026-60118 in Hi.Eventsinfo

Zusammenfassung

von MITRE • 14.07.2026

Hi.Events through v1.10.0-beta contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidden ticket IDs from visible ones and submit order creation requests referencing those IDs to purchase VIP, invite-only, or discounted tickets intentionally withheld from public sale.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

VulnCheck

Reservieren

08.07.2026

Veröffentlichung

14.07.2026

Moderieren

akzeptiert

Eintrag

VDB-378353

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!