GastKont Insecure Direct Object Reference in cdSoft Onlinetools-Smart Winhotel.MX 2021: Exposing Customer's Sensitive Information

GastKont Insecure Direct Object Reference in cdSoft Onlinetools-Smart Winhotel.MX 2021: Exposing Customer's Sensitive Information

CVE-2022-27247 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

Learn more about our Web Application Penetration Testing UK.