What the vulnerability does
01Description
Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.
Explanation of Vulnerability in Simple Terms
Projectopia versions up to 5.1.25.2 contain an authorization flaw that allows unauthenticated attackers to read sensitive data over the network. The vulnerability requires no user interaction and can be exploited remotely. No integrity or availability impact has been identified. Update to a version newer than 5.1.25.2.
What an attacker can do
Read sensitive data from the application without authentication.
Potential impact on your site
Confidential information may be exposed to anyone with network access to your Projectopia installation.
Conditions required to exploit
Network access to the Projectopia instance; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities