| Title | sepidz SepidzDigitalMenu 7.1.0728.1 Sensitive Data Exposure leads to Broken Access Control |
|---|---|
| Description | I have identified a critical bug where sending a request to the Waiters' path exposes the entire username and clear-text passwords of users, including administrators. Through the use of the Google dork `intitle:"sepidzdigitalmenu"`, all targeted customers can be easily determined. This security vulnerability poses a significant risk to the confidentiality of user credentials and compromises the privacy of both regular users and administrators. |
| Source | ⚠️ http://menu.tircoffee.ir/Waiters |
| User | QF5252 (UID 62585) |
| Submission | 29.01.2024 13:31 (2 years ago) |
| Moderation | 06.02.2024 09:16 (8 days later) |
| Status | Accepted |
| VulDB entry | 252994 [sepidz SepidzDigitalMenu up to 7.1.0728.1 /Waiters Information Disclosure] |
| Points | 17 |