Insecure Direct Object Reference (IDOR) Vulnerability in gugoan Economizzer: Unauthorized Access to Cash Book Entry Attachments

Insecure Direct Object Reference (IDOR) Vulnerability in gugoan Economizzer: Unauthorized Access to Cash Book Entry Attachments

CVE-2023-38872 · LOW Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.

Learn more about our User Device Pen Test.