CVE-2017-17693

Name of the Vulnerable Software and Affected Versions Techno - Portfolio Management Panel through 2017-11-16

Description The issue concerns a lack of authorization checks for specific requests. Specifically, the panel/portfolio.php endpoint, when invoked with the action=delete parameter, does not verify user authorization before removing feedback. This could potentially allow unauthorized users to delete feedback.

Recommendations For Techno - Portfolio Management Panel through 2017-11-16, consider implementing proper authorization checks for the panel/portfolio.php?action=delete requests to ensure only authorized users can remove feedback. As a temporary workaround, restrict access to the panel/portfolio.php endpoint to minimize the risk of exploitation.