CVE-2025-63562

Published
View on NVD ↗
CVSS v3
6.3
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters (e.g., owner or resource id).

Stolichnayer/Summer-Pearl-Group-Broken-Access-Control
Stolichnayer/Summer-Pearl-Group-Broken-Access-Control
Summer Pearl Group's Vacation Rental Management Platform versions ≤ 1.0.1 contain a Broken Access Control vulnerability in multiple endpoints.
GitHubGitHub