Stolichnayer/Summer-Pearl-Group-Broken-Access-Control
GitHub
Releases0
Summer Pearl Group's Vacation Rental Management Platform versions ≤ 1.0.1 contain a Broken Access Control vulnerability in multiple endpoints.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.3 MEDIUM | — | ||
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters (e.g., owner or resource id). | |||