Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1: Exploiting Audit Log Manipulation and CSV Injection

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1: Exploiting Audit Log Manipulation and CSV Injection

CVE-2023-47022 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.

Learn more about our User Device Pen Test.