PT-2022-18327 · Cdsoft · Cdsoft Onlinetools-Smart Winhotel.Mx
Published: 2022-05-13 · Updated: 2022-05-24 · CVE-2022-27247
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
cdSoft Onlinetools-Smart Winhotel.MX version 2021
Description
The issue allows an attacker to download sensitive customer information, including date of birth, full address, mail information, and phone number, via an Insecure Direct Object Reference in the GastKont component.
Recommendations
For cdSoft Onlinetools-Smart Winhotel.MX version 2021, consider restricting access to the GastKont component to minimize the risk of exploitation until a patch is available.
Affected Products
Cdsoft Onlinetools-Smart Winhotel.Mx