CVE-2022-27247

Published: May 13, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

Affected (1)

Products: Cdsoft: Winhotel.mx

Cdsoft

1 product

Winhotel.mx

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cdsoft Winhotel.mx	Version 2021

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://myses.de/#about

Source: cve@mitre.org

Third Party Advisory

https://myses.de/pdf/CVE2022-27247.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://myses.de/#about

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://myses.de/pdf/CVE2022-27247.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.