What the vulnerability does
01Description
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
What the vulnerability does
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
Explanation of Vulnerability in Simple Terms
EventPrime versions up to 4.3.0.0 contain an authorization flaw that allows authenticated users to access sensitive information they should not be able to view. An attacker with a low-privilege account can read confidential data and make limited modifications. The vulnerability requires valid login credentials but no additional user interaction.
What an attacker can do
Read sensitive data and make limited changes to the site using a low-privilege account.
Potential impact on your site
Unauthorized data exposure and potential data modification by authenticated users with restricted roles.
Conditions required to exploit
Attacker must have a valid EventPrime user account with low-level privileges.
Key dates
External resources
Related vulnerabilities