PT-2024-12552 · Bagisto · Bagisto
Published: 2024-03-13 · Updated: 2024-12-04 · CVE-2023-36238
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Bagisto versions 1.5.0 through 1.5.1
Description: The issue allows an attacker to obtain sensitive information via the invoice ID parameter, an instance of an Insecure Direct Object Reference (IDOR). The application resolves the invoice from the client-supplied ID without checking that the requesting user owns it, so an authenticated user can read other users' invoice data by changing the invoice ID parameter.
Recommendations: For Bagisto versions 1.5.0 and 1.5.1, update to a version that fixes the Insecure Direct Object Reference issue. As a temporary workaround, consider restricting access to the invoice ID parameter to minimize the risk of exploitation.
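The pattern behind this class of issue, and the ownership check that closes it, shown as an added illustration. This is not Bagisto's code: the in-memory store, the function names and the sample data are constructed, and it runs with plain PHP, no framework required.

```php
<?php
// Illustrative example (not Bagisto's code): the same invoice lookup written
// without and with an ownership check. Store, names and data are constructed.

declare(strict_types=1);

// Constructed in-memory "invoices" table: invoice id => record with its owner.
const INVOICES = [
    1001 => ['customer_id' => 7, 'total' => '49.90'],
    1002 => ['customer_id' => 8, 'total' => '120.00'],
];

/**
 * Vulnerable pattern (IDOR): the handler trusts the client-supplied invoice id
 * and returns whatever record it points to. The authenticated customer id is
 * available but never consulted, so any logged-in customer can read any
 * invoice simply by changing the id in the request.
 */
function showInvoiceInsecure(int $invoiceId, int $authCustomerId): ?array
{
    return INVOICES[$invoiceId] ?? null;
}

/**
 * Hardened pattern: scope the lookup to the authenticated customer, so a record
 * is only returned when it belongs to the requester. Foreign ids and
 * non-existent ids both yield the same "not found" result, so the response
 * does not confirm that another customer's invoice id exists.
 */
function showInvoiceSecure(int $invoiceId, int $authCustomerId): ?array
{
    $invoice = INVOICES[$invoiceId] ?? null;
    if ($invoice === null || $invoice['customer_id'] !== $authCustomerId) {
        // Treat as 404; a denied lookup of an existing id is worth logging,
        // since repeated id-walking is the typical signal of IDOR probing.
        error_log(sprintf('invoice access denied: customer=%d invoice=%d',
            $authCustomerId, $invoiceId));
        return null;
    }
    return $invoice;
}

// Scenario: customer 7 requests invoice 1002, which belongs to customer 8.
$leaked = showInvoiceInsecure(1002, 7) !== null;   // true: other customer's data exposed
$denied = showInvoiceSecure(1002, 7) === null;     // true: lookup refused
$ownOk  = showInvoiceSecure(1001, 7) !== null;     // true: own invoice still readable

printf("insecure leaks foreign invoice: %s\n", $leaked ? 'yes' : 'no');
printf("secure denies foreign invoice:  %s\n", $denied ? 'yes' : 'no');
printf("secure serves own invoice:      %s\n", $ownOk ? 'yes' : 'no');
```

In a framework-backed application such as a Laravel shop, the equivalent fix is to make the owner a condition of the query itself (look the invoice up by id and customer together) or to apply an authorization policy before returning the record, rather than fetching by id alone and relying on the caller to be honest. The same check belongs on every endpoint that exposes the invoice (view, download, PDF export), not only the one named in the report.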

Exploit · Fix · IDOR

Weakness Enumeration

Related Identifiers: CVE-2023-36238, GHSA-PMC7-HMMW-G96Q

Affected Products: Bagisto