mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
CVE-2025-40673
Description
A Missing Authorization vulnerability has been found in DinoRANK. It allows an attacker to access the invoices of any user by requesting the endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf', because there is no access control. The PDF filename can be obtained via OSINT, insecure network traffic or brute force.
POC
Reference
No PoCs from references.