| Title | sepidz SepidzDigitalMenu 7.1.0728.1 Sensitive Data Exposure leads to Broken Access Control |
|---|
| Description | have identified a critical bug where sending a request to the Waiters' path exposes the entire username and clear-text passwords of users, including administrators. Through the use of Google dork "intitle:"sepidzdigitalmenu", all targeted customers can be easily determined.
This security vulnerability poses a significant risk to the confidentiality of user credentials and compromises the privacy of both regular users and administrators. |
|---|
| Source | ⚠️ http://menu.tircoffee.ir/Waiters |
|---|
| User | QF5252 (ID 62585) |
|---|
| Submission | 29/01/2024 13h31 (4 months ago) |
|---|
| Moderation | 06/02/2024 09h16 (8 days later) |
|---|
| Status | Aceite |
|---|
| VulDB Entry | 252994 |
|---|