CVE-2024-5230 MEDIUM

CVE-2024-5230: EnvaySoft FleetCart information disclosure

Vendor Envaysoft
Product FleetCart
Weakness CWE-200 · Info exposure
Published May 23, 2024
Last update August 1, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.

Key dates

02Disclosure timeline

May 23, 2024 CVE published
August 1, 2024 Record updated