PT-2022-18719 · Unknown · Febs-Security
Published
2022-04-10
·
Updated
2022-04-15
·
CVE-2022-27958
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
FEBS-Security version 1.0
Description
The issue allows attackers to access and modify users' personal information due to insecure permissions configured in the
userid parameter at the "/user/getuserprofile" API endpoint.Recommendations
For FEBS-Security version 1.0, restrict access to the
/user/getuserprofile API endpoint to minimize the risk of exploitation. Avoid using the userid parameter in this endpoint until the issue is resolved. Consider implementing secure permission checks to prevent unauthorized access to user profiles.Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Febs-Security