CVE-2024-50647

Name of the Vulnerable Software and Affected Versions: python food ordering system version V1.0

Description: The python food ordering system has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through the "https://ip:port/api/myapp/index/user/info?id=1" API endpoint and modify the id value to obtain sensitive user information beyond authorization.

Recommendations: For version V1.0, as a temporary workaround, consider restricting access to the "/api/myapp/index/user/info" API endpoint until a patch is available. Avoid using the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.