| Title | sepidz SepidzDigitalMenu 7.1.0728.1 Sensitive Data Exposure leads to Broken Access Control |
|---|---|
| Description | Have identified a critical bug where sending a request to the Waiters' path exposes the entire username and clear-text passwords of users, including administrators. Through the use of the Google dork `intitle:"sepidzdigitalmenu"`, all targeted customers can be easily determined. This security vulnerability poses a significant risk to the confidentiality of user credentials and compromises the privacy of both regular users and administrators. |
| Source | ⚠️ http://menu.tircoffee.ir/Waiters |
| User | QF5252 (UID 62585) |
| Submission | 01/29/2024 13:31 (2 years ago) |
| Moderation | 02/06/2024 09:16 (8 days later) |
| Status | Accepted |
| VulDB entry | 252994 [sepidz SepidzDigitalMenu up to 7.1.0728.1 /Waiters information disclosure] |
| Points | 17 |