CVE-2025-40732

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Daily Expense Manager version 1.0

Description: The issue is related to a user enumeration vulnerability. To exploit this, a POST request must be sent using the name parameter in the "/check.php" endpoint.

Recommendations: For Daily Expense Manager version 1.0, consider restricting access to the "/check.php" endpoint or disabling the use of the name parameter until a fix is available. Avoid using the name parameter in the affected endpoint to minimize the risk of exploitation.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2025-40732

Affected Products

Daily Expense Manager

CVE-2025-40732

Weakness Enumeration

Related Identifiers

Affected Products

References · 9