What the vulnerability does
01Description
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Explanation of Vulnerability in Simple Terms
VikRentCar versions up to 1.4.5 contain an authorization flaw that exposes sensitive data. An attacker on the network can read confidential information without authentication or user interaction. The vulnerability affects the authorization mechanism, allowing unauthorized access to protected resources. Update to version 1.4.6 or later.
What an attacker can do
Read sensitive data from the application without logging in.
Potential impact on your site
Confidential rental or customer data may be exposed to unauthenticated attackers.
Conditions required to exploit
Network access to the application; no authentication required.
Key dates
External resources
Related vulnerabilities