PT-2025-39369 · Unknown · Sistemas Pleno Gestão De Locação
Syrtain · Published 2025-09-25 · Updated 2025-09-25 · CVE-2025-10947
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sistemas Pleno Gestão de Locação versions up to 2025.7.x
Description
A flaw exists that allows for authorization bypass through manipulation of the pes cpf argument. This issue impacts an unknown function within the file '/api/areacliente/pessoa/validarCpf' of the CPF Handler component. The attack can be executed remotely. An exploit for this issue has been published.
Recommendations
Upgrade to version 2025.8.0 to resolve this issue.
Exploit
Fix
Improper Authorization
IDOR
Related Identifiers
Affected Products
Sistemas Pleno Gestão De Locação