mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-01 11:10:36 +00:00
839 B
839 B
CVE-2022-3511
Description
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
POC
Reference
Github
No PoCs found on GitHub currently.