Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1: Exploiting Audit Log Manipulation and CSV Injection
CVE-2023-47022 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Learn more about our User Device Pen Test.