Insecure Direct Object Reference in Bagisto Affects Sensitive Data Access
CVE-2023-36238

6.5MEDIUM

Key Information:

Vendor: Bagisto
Status: Bagisto
Vendor: CVE Published:; 13 March 2024

What is CVE-2023-36238?

The vulnerability in Bagisto involves an Insecure Direct Object Reference (IDOR) in version 1.5.1, enabling unauthorized users to access sensitive information by manipulating the invoice ID parameter. This flaw can lead to data exposure, posing security threats for users and administrators relying on the integrity of their invoices. Proper input validation and access control measures are crucial to prevent unauthorized data access in affected systems.

References

https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Jun 21, 2023

CVE-2023-36238 Data

JSON