Incorrect access control in Meabilis CMS Skip version allows attackers to access other users' address books via unspecified vectors.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Nethik.fr
[Affected Product Code Base] Meabilis CMS - 1.0 and earlier (<= 1.0)
[Affected Component] E-commerce Extension - Address Management Book
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors]
1. Create an account on an e-commerce platform that uses Meabilis CMS.
2. Go to the endpoint "/mbCore/users/contacts/load,form.html?contactsId=randomID".
3. Replace randomID with a random ID; IDs can go up to 4366843.
4. You will see the personal information of each customer.
[Discoverer] Lucas Solera
[Reference] http://meabilis.com http://nethikfr.com
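
A defender-side check for the access pattern described under [Attack Vectors], as an added example that is not part of the original advisory or of Meabilis code: it scans web access logs for clients that successfully load many distinct contactsId values from the affected endpoint. The Combined Log Format, the sample log lines and the max_distinct threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint path taken from the advisory.
CONTACTS_PATH = "/mbCore/users/contacts/load,form.html"

# Assumption: access logs use the Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Nov/2024:16:01:02 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=1001 HTTP/1.1" 200 2310
198.51.100.7 - - [21/Nov/2024:16:01:40 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=1002 HTTP/1.1" 200 2298
203.0.113.50 - - [21/Nov/2024:16:02:00 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=2000 HTTP/1.1" 200 2305
203.0.113.50 - - [21/Nov/2024:16:02:01 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=2001 HTTP/1.1" 200 2311
203.0.113.50 - - [21/Nov/2024:16:02:02 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=2002 HTTP/1.1" 200 2307
203.0.113.50 - - [21/Nov/2024:16:02:03 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=2003 HTTP/1.1" 200 2302
203.0.113.50 - - [21/Nov/2024:16:02:04 +0000] "GET /mbCore/users/contacts/load,form.html?contactsId=2004 HTTP/1.1" 404 512
203.0.113.50 - - [21/Nov/2024:16:02:05 +0000] "GET /index.html HTTP/1.1" 200 9000
"""

def contact_ids_by_client(lines):
    """Map client IP -> set of distinct contactsId values it loaded with a 2xx status."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or no record was returned
        url = urlsplit(m["target"])
        if url.path != CONTACTS_PATH:
            continue
        for value in parse_qs(url.query).get("contactsId", []):
            if value.isdigit():
                seen[m["ip"]].add(int(value))
    return seen

def flag_enumeration(lines, max_distinct=3):
    """Return {ip: sorted ids} for clients above the (hypothetical) max_distinct threshold."""
    return {ip: sorted(ids) for ip, ids in contact_ids_by_client(lines).items()
            if len(ids) > max_distinct}

if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {len(ids)} distinct contactsId values, range {ids[0]}-{ids[-1]}")
```

Grouping by client IP is coarse behind shared proxies; where the application logs a session or account identifier, group on that instead and set the threshold from the number of addresses a customer normally manages.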
Last active
November 21, 2024 16:39