Camden Jace Powell

#21038 of 53,779
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2021-20368 · CVSS 4.3 · 2021-09-08
Unknown · Fish | Hunt FL · CVE-2021-33981
Name of the Vulnerable Software and Affected Versions: Fish | Hunt FL versions 3.8.0 and earlier
Description: An insecure direct object reference vulnerability exists in the hunting/fishing license retrieval function. It allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.
Recommendations: Update to a version later than 3.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the hunting/fishing license retrieval function until a patch is available.
PT-2021-20369 · CVSS 7.5 · 2021-09-08
Unknown · Fish | Hunt FL · CVE-2021-33982
Name of the Vulnerable Software and Affected Versions: Fish | Hunt FL versions 3.8.0 and earlier
Description: An insufficient session expiration issue exists, allowing a remote attacker to reuse, spoof, or steal other user and admin sessions.
Recommendations: Update to a version later than 3.8.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive features that rely on session authentication until a patch is available.