GastKont Insecure Direct Object Reference in cdSoft Onlinetools-Smart Winhotel.MX 2021: Exposing Customer's Sensitive Information
CVE-2022-27247 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.
Learn more about our Web Application Penetration Testing UK.